From nobody@FreeBSD.org  Wed Aug  7 17:00:57 2013
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTP id E970BF32
	for <freebsd-gnats-submit@FreeBSD.org>; Wed,  7 Aug 2013 17:00:57 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from oldred.freebsd.org (oldred.freebsd.org [8.8.178.121])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.freebsd.org (Postfix) with ESMTPS id C7BE228CC
	for <freebsd-gnats-submit@FreeBSD.org>; Wed,  7 Aug 2013 17:00:57 +0000 (UTC)
Received: from oldred.freebsd.org ([127.0.1.6])
	by oldred.freebsd.org (8.14.5/8.14.7) with ESMTP id r77H0vTg003096
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 7 Aug 2013 17:00:57 GMT
	(envelope-from nobody@oldred.freebsd.org)
Received: (from nobody@localhost)
	by oldred.freebsd.org (8.14.5/8.14.5/Submit) id r77H0vaR003073;
	Wed, 7 Aug 2013 17:00:57 GMT
	(envelope-from nobody)
Message-Id: <201308071700.r77H0vaR003073@oldred.freebsd.org>
Date: Wed, 7 Aug 2013 17:00:57 GMT
From: Ken Reed <kreed002@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Network Servers and INETD Cleanup
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         181117
>Category:       docs
>Synopsis:       Network Servers and INETD Cleanup
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    wblock
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 07 17:10:00 UTC 2013
>Closed-Date:    Fri Aug 09 21:59:40 UTC 2013
>Last-Modified:  Fri Aug 09 21:59:40 UTC 2013
>Originator:     Ken Reed
>Release:        9.1-Release-p5
>Organization:
>Environment:
FreeBSD chaos 9.1-RELEASE-p5 FreeBSD 9.1-RELEASE-p5 #0: Sat Jul 27 01:14:23 UTC 2013     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
Removing a duplicate line in network-servers.html, then modifying some text and making tags consistent in both that and network-inetd.html.
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

Index: en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
===================================================================
--- en_US.ISO8859-1/books/handbook/network-servers/chapter.xml	(revision 42517)
+++ en_US.ISO8859-1/books/handbook/network-servers/chapter.xml	(working copy)
@@ -23,12 +23,13 @@
     <title>Synopsis</title>
 
     <para>This chapter will cover some of the more frequently used
-      network services on &unix; systems.  We will cover how to
-      install, configure, test, and maintain many different types of
-      network services.  Example configuration files are included
-      throughout this chapter for you to benefit from.</para>
+      	network services on &unix; systems.  This will include how to
+      	install, configure, test, and maintain the many different types 
+	of network services.  As an added convenience, example 
+	configuration files are included throughout this chapter 
+	for you to benefit from.</para>
 
-    <para>After reading this chapter, you will know:</para>
+    <para>At the end of this chapter, readers should know:</para>
 
     <itemizedlist>
 
@@ -38,41 +39,39 @@
       </listitem>
 
       <listitem>
-	<para>How to set up a network file system.</para>
+	<para>How to set up the Network File System
+	(<acronym>NFS</acronym>).</para>
       </listitem>
 
       <listitem>
-	<para>How to set up a network information server for sharing
-	  user accounts.</para>
+	<para>How to set up the network information server
+	(<acronym>NIS</acronym>) for centralizing and sharing user accounts.
+	</para>
       </listitem>
 
       <listitem>
 	<para>How to set &os; up to act as an <acronym>LDAP</acronym>
-	  server or client</para>
+	  server or client.</para>
       </listitem>
 
       <listitem>
-	<para>How to set &os; up to act as an <acronym>LDAP</acronym>
-	  server or client</para>
-      </listitem>
-
-      <listitem>
 	<para>How to set up automatic network settings using
-	  DHCP.</para>
+	  <acronym>DHCP</acronym>.</para>
       </listitem>
 
       <listitem>
-	<para>How to set up a domain name server.</para>
+	<para>How to set up a domain name server
+	(<acronym>DNS</acronym>).</para>
       </listitem>
 
       <listitem>
 	<para>How to set up the <application>Apache</application>
-	  HTTP Server.</para>
+	  <acronym>HTTP</acronym> Server.</para>
       </listitem>
 
       <listitem>
-	<para>How to set up a File Transfer Protocol (FTP)
-	  Server.</para>
+	<para>How to set up a File Transfer Protocol
+	(<acronym> FTP</acronym>) Server.</para>
       </listitem>
 
       <listitem>
@@ -82,7 +81,8 @@
 
       <listitem>
 	<para>How to synchronize the time and date, and set up a
-	  time server, with the NTP protocol.</para>
+	time server with the Network Time Protocol
+	(<acronym>NTP</acronym>).</para>
       </listitem>
 
       <listitem>
@@ -93,7 +93,7 @@
 
     </itemizedlist>
 
-    <para>Before reading this chapter, you should:</para>
+    <para>Reading this chapter assumes a basic knowledge of:</para>
 
     <itemizedlist>
       <listitem>
@@ -102,11 +102,11 @@
       </listitem>
 
       <listitem>
-	<para>Be familiar with basic network terminology.</para>
+	<para>Basic network terminology.</para>
       </listitem>
 
       <listitem>
-	<para>Know how to install additional third-party
+	<para>Ability to install additional third-party
 	  software (<xref linkend="ports"/>).</para>
       </listitem>
 
@@ -210,12 +210,12 @@
 	single IP address from requesting any service more than 60
 	times in any given minute.</para>
 
-      <para>Although we mention rate-limiting options below, novice
-	users may be pleased to note that these parameters usually do
-	not need to be modified.  These options may be useful if
-	an excessive amount of connections are being established.
-	A full list of options can be found in the
-	&man.inetd.8; manual.</para>
+      <para>Although the following examples include rate-limiting
+	options below, novice users should be aware that
+	these parameters usually do not need to be modified.
+	These options may be useful if an excessive amount of
+	connections are being established.  A full list of
+	options can be found in the &man.inetd.8; manual page.</para>
 
       <variablelist>
 	<varlistentry>
@@ -1850,7 +1850,7 @@
 
 	      <note>
 		<para>Keep in mind that at least one local account
-		  (i.e. not imported via NIS) must exist in
+		  (i.e., not imported via NIS) must exist in
 		  <filename>/etc/master.passwd</filename> and this
 		  account should also be a member of the group
 		  <groupname>wheel</groupname>.  If there is something


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-doc->wblock 
Responsible-Changed-By: wblock 
Responsible-Changed-When: Wed Aug 7 18:07:05 UTC 2013 
Responsible-Changed-Why:  
Take. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=181117 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: docs/181117: commit references a PR
Date: Fri,  9 Aug 2013 20:37:53 +0000 (UTC)

 Author: wblock
 Date: Fri Aug  9 20:37:45 2013
 New Revision: 42525
 URL: http://svnweb.freebsd.org/changeset/doc/42525
 
 Log:
   Clarify, improve language and tags.  Committed version is a modified
   version of patch included in PR, thanks to Ken Reed.
   
   PR:		docs/181117
   Submitted by:	Ken Reed <kreed002@gmail.com>
 
 Modified:
   head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
 
 Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
 ==============================================================================
 --- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml	Thu Aug  8 17:21:07 2013	(r42524)
 +++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml	Fri Aug  9 20:37:45 2013	(r42525)
 @@ -22,13 +22,14 @@
    <sect1 id="network-servers-synopsis">
      <title>Synopsis</title>
  
 -    <para>This chapter will cover some of the more frequently used
 -      network services on &unix; systems.  We will cover how to
 -      install, configure, test, and maintain many different types of
 -      network services.  Example configuration files are included
 -      throughout this chapter for you to benefit from.</para>
 +    <para>This chapter covers some of the more frequently used
 +      network services on &unix; systems.  This includes
 +      installing, configuring, testing, and maintaining
 +      many different types of network services.  Example
 +      configuration files are included throughout this
 +      chapter for reference.</para>
  
 -    <para>After reading this chapter, you will know:</para>
 +    <para>By the end of this chapter, readers will know:</para>
  
      <itemizedlist>
  
 @@ -38,11 +39,13 @@
        </listitem>
  
        <listitem>
 -	<para>How to set up a network file system.</para>
 +	<para>How to set up the Network File System
 +	  (<acronym>NFS</acronym>).</para>
        </listitem>
  
        <listitem>
 -	<para>How to set up a network information server for sharing
 +	<para>How to set up the Network Information Server
 +	  (<acronym>NIS</acronym>) for centralizing and sharing
  	  user accounts.</para>
        </listitem>
  
 @@ -52,27 +55,23 @@
        </listitem>
  
        <listitem>
 -	<para>How to set &os; up to act as an <acronym>LDAP</acronym>
 -	  server or client</para>
 -      </listitem>
 -
 -      <listitem>
  	<para>How to set up automatic network settings using
 -	  DHCP.</para>
 +	  <acronym>DHCP</acronym>.</para>
        </listitem>
  
        <listitem>
 -	<para>How to set up a domain name server.</para>
 +	<para>How to set up a Domain Name Server
 +	  (<acronym>DNS</acronym>).</para>
        </listitem>
  
        <listitem>
  	<para>How to set up the <application>Apache</application>
 -	  HTTP Server.</para>
 +	  <acronym>HTTP</acronym> Server.</para>
        </listitem>
  
        <listitem>
 -	<para>How to set up a File Transfer Protocol (FTP)
 -	  Server.</para>
 +	<para>How to set up a File Transfer Protocol
 +	  (<acronym>FTP</acronym>) server.</para>
        </listitem>
  
        <listitem>
 @@ -82,7 +81,8 @@
  
        <listitem>
  	<para>How to synchronize the time and date, and set up a
 -	  time server, with the NTP protocol.</para>
 +	  time server using the Network Time Protocol
 +	  (<acronym>NTP</acronym>).</para>
        </listitem>
  
        <listitem>
 @@ -93,20 +93,19 @@
  
      </itemizedlist>
  
 -    <para>Before reading this chapter, you should:</para>
 +    <para>This chapter assumes a basic knowledge of:</para>
  
      <itemizedlist>
        <listitem>
 -	<para>Understand the basics of the
 -	  <filename>/etc/rc</filename> scripts.</para>
 +	<para><filename>/etc/rc</filename> scripts.</para>
        </listitem>
  
        <listitem>
 -	<para>Be familiar with basic network terminology.</para>
 +	<para>Network terminology.</para>
        </listitem>
  
        <listitem>
 -	<para>Know how to install additional third-party
 +	<para>Installation of additional third-party
  	  software (<xref linkend="ports"/>).</para>
        </listitem>
  
 @@ -167,20 +166,14 @@
        <para><application>inetd</application> is initialized through
  	the &man.rc.8; system.  The
  	<literal>inetd_enable</literal> option is set to
 -	<literal>NO</literal> by default, but may be turned on
 -	by <application>sysinstall</application> during installation,
 -	depending on the configuration chosen by the user.
 -	Placing:</para>
 +	<literal>NO</literal> by default.  It can be enabled
 +	by placing:</para>
  
        <programlisting>inetd_enable="YES"</programlisting>
  
 -      <para>or</para>
 -
 -      <programlisting>inetd_enable="NO"</programlisting>
 -
        <para>into
 -	<filename>/etc/rc.conf</filename> will enable or disable
 -	<application>inetd</application> starting at boot time.
 +	<filename>/etc/rc.conf</filename>.
 +	<application>inetd</application> will now start at boot time.
  	The command:</para>
  
        <screen>&prompt.root; <userinput>service inetd rcvar</userinput></screen>
 @@ -512,14 +505,15 @@ server-program-arguments</programlisting
  	because they provide
  	information that may be useful to an attacker.</para>
  
 -      <para>Some daemons are not security-conscious and have long, or
 -	non-existent, timeouts for connection attempts.  This allows
 -	an attacker to slowly send connections to a particular daemon,
 -	thus saturating available resources.  It may be a good idea to
 -	place <option>max-connections-per-ip-per-minute</option>,
 -	<option>max-child</option> or
 -	<option>max-child-per-ip</option> limitations on certain
 -	daemons if there are too many connections.</para>
 +      <para>Some daemons are not security-conscious and have long or
 +	non-existent timeouts for connection attempts.  An attacker
 +	can send connections to a particular daemon, eventually
 +	consuming available resources and resulting in a Denial	of
 +	Service (<acronym>DoS</acronym>).
 +	<literal>max-connections-per-ip-per-minute</literal>,
 +	<literal>max-child</literal> and
 +	<literal>max-child-per-ip</literal> can be used to limit
 +	such attacks.</para>
  
        <para>By default, TCP wrapping is turned on.  Consult the
  	&man.hosts.access.5; manual page for more information on
 _______________________________________________
 svn-doc-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-doc-all
 To unsubscribe, send any mail to "svn-doc-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->closed 
State-Changed-By: wblock 
State-Changed-When: Fri Aug 9 21:59:12 UTC 2013 
State-Changed-Why:  
Modified patch committed, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=181117 
>Unformatted:
