authorHolger Dengler <dengler@linutronix.de>2018-01-15 16:35:01 +0100
committerJohn Ogness <john.ogness@linutronix.de>2018-01-15 16:53:17 +0100
commit4666d19e5b7efa763c25e54c3a90d9ef38f9b234 (patch)
treeaec1f5859ac14c8182cf5e84864c0eac84476acc
parent4d5f8223acb7ab90af7fc4b8aa1c391838c1af21 (diff)
security: change code fontsize to scriptsize
Fontsize "scriptsize" is a good alternative between default fontsize and "tiny". Signed-off-by: Holger Dengler <dengler@linutronix.de>
-rw-r--r--security/advanced/frm_exploit_mitigation.tex8
-rw-r--r--security/advanced/frm_process_thread.tex10
-rw-r--r--security/basics/pres_password_en.tex6
-rw-r--r--security/firewall/pres_iptables.tex52
-rw-r--r--security/firewall_ex/pres_ex_firewall.tex48
5 files changed, 70 insertions, 54 deletions
diff --git a/security/advanced/frm_exploit_mitigation.tex b/security/advanced/frm_exploit_mitigation.tex
index 559b60e..09a3744 100644
--- a/security/advanced/frm_exploit_mitigation.tex
+++ b/security/advanced/frm_exploit_mitigation.tex
@@ -27,7 +27,7 @@
\begin{frame}[fragile]
\frametitle{Stack: Code Example I}
\begin{beamerboxesrounded}[shadow=true]{Bad copy to stack local buffer}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
#include <string.h>
@@ -40,7 +40,7 @@ int main (int argc, char **argv) {
foo(argv[1]);
}
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
@@ -48,7 +48,7 @@ int main (int argc, char **argv) {
\begin{frame}[fragile]
\frametitle{Stack: Code Example II}
\begin{beamerboxesrounded}[shadow=true]{Manipulation of return address}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
#include <stdio.h>
#include <string.h>
@@ -74,7 +74,7 @@ void main(void)
}
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
diff --git a/security/advanced/frm_process_thread.tex b/security/advanced/frm_process_thread.tex
index 1c2123a..67954e0 100644
--- a/security/advanced/frm_process_thread.tex
+++ b/security/advanced/frm_process_thread.tex
@@ -198,30 +198,40 @@ char *envp[] = {
\begin{itemize}
\item Requirements
\begin{itemize}
+ \begin{scriptsize}
\item communicate between Processes (e.g. Child to Parent)
\item private communication channel
+ \end{scriptsize}
\end{itemize}
\item Solution Statement
\begin{enumerate}
+ \begin{scriptsize}
\item open an anonymous pipe
\item duplicate process with fork()
\item Parent and Child choose a communication role
\begin{itemize}
+ \begin{scriptsize}
\item Sender: close the read-FD and send data to write-FD
\item Listener: close the write-FD and listen on read-FD
+ \end{scriptsize}
\end{itemize}
+ \end{scriptsize}
\end{enumerate}
\item Note:
\begin{itemize}
+ \begin{scriptsize}
\item pipe-syscall opens two file-descriptors \\
(one for read from, and one for write to the pipe)
\item after fork-syscall, both processes has access to pipe file-descriptors
\item pipe communication is unidirectional
+ \end{scriptsize}
\end{itemize}
\item Result
\begin{itemize}
+ \begin{scriptsize}
\item private communication between Parent and Child
\item decoupled, buffered communication through pipe
+ \end{scriptsize}
\end{itemize}
\item other IPC mechanisms (e.g. POSIX IPC) are also possible
\end{itemize}
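Review bot: The added `\begin{scriptsize}` … `\end{scriptsize}` pairs sit between `\begin{itemize}`/`\begin{enumerate}` and the first `\item`, so each group closes before the last item's paragraph has ended, and that item will typically be set with the line spacing of the enclosing size instead of scriptsize. The inner pair around the Sender/Listener items is also redundant, because it is already inside the scriptsize group opened under `\begin{enumerate}`. Setting the size once for the frame, e.g. `\setbeamerfont{itemize/enumerate subbody}{size=\scriptsize}` and `\setbeamerfont{itemize/enumerate subsubbody}{size=\scriptsize}`, would replace all ten added lines; the frame begins outside this hunk, so the right place for it has to be checked there. This hunk also shrinks slide prose rather than code, which the commit title does not mention, and the same pattern (including a nested pair) appears in the hunks for security/basics/pres_password_en.tex.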
diff --git a/security/basics/pres_password_en.tex b/security/basics/pres_password_en.tex
index a3a7ca9..38529b4 100644
--- a/security/basics/pres_password_en.tex
+++ b/security/basics/pres_password_en.tex
@@ -84,6 +84,7 @@
\begin{columns}[onlytextwidth]
\begin{column}[t]{0.5\textwidth}
Password
+ \begin{scriptsize}
\begin{itemize}
\item require minimum length and variance
\item large character namespace
@@ -93,14 +94,18 @@
\item Example: \textbf{meFx\_5}
\item usual consequences:
\begin{itemize}
+ \begin{scriptsize}
\item notes with passwords
\item shared passwords
\item password schemata
+ \end{scriptsize}
\end{itemize}
\end{itemize}
+ \end{scriptsize}
\end{column}
\begin{column}[t]{0.5\textwidth}
Passphrase
+ \begin{scriptsize}
\begin{itemize}
\item often > 10 characters
\item Mixed characters and spaces
@@ -113,6 +118,7 @@
\textbf{Th1s IS\_my\_buildserver!} \\
(length: 23, mixed alpha, space, symbols, non-dictionary)
\end{itemize}
+ \end{scriptsize}
\end{column}
\end{columns}
\end{frame}
diff --git a/security/firewall/pres_iptables.tex b/security/firewall/pres_iptables.tex
index b45eddf..e7fd23d 100644
--- a/security/firewall/pres_iptables.tex
+++ b/security/firewall/pres_iptables.tex
@@ -201,38 +201,38 @@ Note: Use penetration tools \emph{very} carefully!
\begin{frame}[containsverbatim]
\frametitle{iptables: Commands}
\begin{beamerboxesrounded}[shadow=true]{Show all Chains of Table \emph{filter}:}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
iptables -t filter -L
iptables -L # Table filter is default
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\begin{beamerboxesrounded}[shadow=true]{Flush all Chains:}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
iptables -F
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\begin{beamerboxesrounded}[shadow=true]{Set default Policies:}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
iptables -P <CHAIN> <ACTION>
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\begin{beamerboxesrounded}[shadow=true]{User-defined Chains:}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
iptables -N <CHAIN> # create new chain
iptables -X <CHAIN> # delete chain
iptables -E <old> <new> # rename chain
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
@@ -240,7 +240,7 @@ iptables -E <old> <new> # rename chain
\begin{frame}[containsverbatim]
\frametitle{iptables: Commands}
\begin{beamerboxesrounded}[shadow=true]{Rules:}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
iptables -A <CHAIN> <rule-spec> # append rule to chain
iptables -C <CHAIN> <rule-spec> # find matching rule in chain
@@ -250,7 +250,7 @@ iptables -I <CHAIN> <rule-num> <rule-spec> # insert rule in chain as rule-num
iptables -R <CHAIN> <rule-num> <rule-spec> # replace rule in chain
iptables -F <CHAIN> # flush all rules in chain
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
@@ -258,25 +258,25 @@ iptables -F <CHAIN> # flush all rules in chain
\begin{frame}[containsverbatim]
\frametitle{iptables: Commands}
\begin{beamerboxesrounded}[shadow=true]{Rule specifications:}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
--source <addr>/<mask> # match source IP/IP-range
--sport <port> # match source port
--destination <addr>/<mask> # match destination IP/IP-range
--dport <port> # match destination port
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\begin{beamerboxesrounded}[shadow=true]{Match extensions:}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
--modprobe <module> # load target or match extension module
--m connstate --ctstate <state> # extension connstate, match state
--m icmp --icmp-type <type> # extension icmp-type, match packet type
--m limit --limit <rate>/<ival> # extension limit, limit to rate per interval
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
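Review bot: The match-extension lines in this frame are not valid iptables syntax as shown: the option is `-m` with a single dash, and `--ctstate` belongs to the `conntrack` match rather than to a `connstate` extension. With the larger font these are the lines attendees will read and copy, so this is a good moment to correct them to `-m conntrack --ctstate <state>`, `-m icmp --icmp-type <type>` and `-m limit --limit <rate>/<ival>`. The lines are unchanged context in this commit, so the correction would be a separate change to the slide.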
@@ -298,7 +298,7 @@ iptables -F <CHAIN> # flush all rules in chain
\begin{frame}[containsverbatim]
\frametitle{Example}
\begin{beamerboxesrounded}[shadow=true]{Preparation}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
# set default policy
iptables -P INPUT DROP # opt: REJECT, ACCEPT
@@ -308,7 +308,7 @@ iptables -P OUTPUT DROP # opt: REJECT, ACCEPT
iptables -F
...
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
@@ -316,7 +316,7 @@ iptables -F
\begin{frame}[containsverbatim]
\frametitle{Example}
\begin{beamerboxesrounded}[shadow=true]{SSH-Client}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
#
# Allow incoming traffic only
@@ -325,7 +325,7 @@ iptables -F
iptables -A OUTPUT -o eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
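Review bot: At scriptsize the two rules in this verbatim block (about 87 characters each) will probably no longer fit the width of the `beamerboxesrounded` box, and verbatim text does not wrap, so the `-j ACCEPT` target at the end of each rule may be cut off on the slide. A firewall rule shown without its target is easy to misread or to copy incorrectly. Breaking the rule with a trailing backslash, as security/firewall_ex/pres_ex_firewall.tex already does for its DNS rule, keeps it complete, e.g. `iptables -A OUTPUT -o eth0 -p tcp --dport 22 \` followed by `    -m state --state NEW,ESTABLISHED -j ACCEPT`. The same applies to the Web-Server and LOGDROP frames further down in this file. The verbatim block here opens in the previous hunk and the page geometry is not visible, so this needs a check against the compiled PDF.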
@@ -333,7 +333,7 @@ iptables -A INPUT -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j
\begin{frame}[containsverbatim]
\frametitle{Example}
\begin{beamerboxesrounded}[shadow=true]{Web-Server}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
#
# Allow outgoing traffic only
@@ -344,7 +344,7 @@ iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -
iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
@@ -352,7 +352,7 @@ iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -
\begin{frame}[containsverbatim]
\frametitle{Example}
\begin{beamerboxesrounded}[shadow=true]{FTP-Server (iptables-persistent script)}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
*filter
:INPUT DROP [0:0]
@@ -367,7 +367,7 @@ iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -
# Important: always necessary for iptables-restore
COMMIT
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
@@ -375,7 +375,7 @@ COMMIT
\begin{frame}[containsverbatim]
\frametitle{Example}
\begin{beamerboxesrounded}[shadow=true]{User-defined LOGDROP chain}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
# create new chain
iptables -X LOGDROP
@@ -383,7 +383,7 @@ iptables -N LOGDROP
iptables -A LOGDROP -m limit --limit 2/min -j LOG --log-prefix "LOGDROP: " --log-level 7
iptables -A LOGDROP -j DROP
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
@@ -391,7 +391,7 @@ iptables -A LOGDROP -j DROP
\begin{frame}[containsverbatim]
\frametitle{Example}
\begin{beamerboxesrounded}[shadow=true]{Trace all outgoing traffic}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
*filter
@@ -407,7 +407,7 @@ iptables -A LOGDROP -j DROP
# Important: always necessary for iptables-restore
COMMIT
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
diff --git a/security/firewall_ex/pres_ex_firewall.tex b/security/firewall_ex/pres_ex_firewall.tex
index e6bc755..7e8a444 100644
--- a/security/firewall_ex/pres_ex_firewall.tex
+++ b/security/firewall_ex/pres_ex_firewall.tex
@@ -25,7 +25,7 @@
\pause
\begin{beamerboxesrounded}[shadow=true]{Solution:}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
mkdir ex_ipt
cd ex_ipt
@@ -36,7 +36,7 @@ iptables -X
iptables -F
iptables -Z
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
@@ -54,7 +54,7 @@ iptables -Z
\pause
\begin{beamerboxesrounded}[shadow=true]{Solution:}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
iptables -P INPUT DROP
iptables -P OUTPUT DROP
@@ -63,7 +63,7 @@ iptables-save > step1
iptables -F
iptables-restore < step1
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
@@ -82,7 +82,7 @@ iptables-restore < step1
\pause
\begin{beamerboxesrounded}[shadow=true]{Solution:}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
# New chain
:LOGDROP - [0:0]
@@ -93,7 +93,7 @@ iptables-restore < step1
-A INPUT -i eth0 -j LOGDROP
-A OUTPUT -o eth0 -j LOGDROP
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
@@ -109,13 +109,13 @@ iptables-restore < step1
\pause
\begin{beamerboxesrounded}[shadow=true]{Solution:}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
# loopback
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
@@ -130,13 +130,13 @@ iptables-restore < step1
\pause
\begin{beamerboxesrounded}[shadow=true]{Solution:}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
# DNS
-A OUTPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m state --state ESTABLISHED -j ACCEPT
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
@@ -151,7 +151,7 @@ iptables-restore < step1
\pause
\begin{beamerboxesrounded}[shadow=true]{Solution:}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
# PING limited accept
-A INPUT -p icmp --icmp-type 0 -m limit --limit 2/s -j ACCEPT
@@ -162,7 +162,7 @@ iptables-restore < step1
-A OUTPUT -p icmp --icmp-type 8 -m limit --limit 2/s -j ACCEPT
-A OUTPUT -p icmp -j DROP
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
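Review bot: The solution ends with `-A OUTPUT -p icmp -j DROP`, which drops every outgoing ICMP type other than the rate-limited echo request accepted on the line above, not only excess pings. A one-line comment in the listing, such as `# drops all other ICMP too (incl. destination-unreachable)`, would tell attendees that this is a deliberate simplification for the exercise. The verbatim block starts in the previous hunk, and any matching INPUT rule lies in the part of the file not shown here.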
@@ -177,7 +177,7 @@ iptables-restore < step1
\pause
\begin{beamerboxesrounded}[shadow=true]{Solution:}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
# Allow established connections in and out
-A INPUT -m state --state ESTABLISHED -j ACCEPT
@@ -187,7 +187,7 @@ iptables-restore < step1
-A OUTPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
# -A INPUT -p udp -m state --state ESTABLISHED -j ACCEPT
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
@@ -203,14 +203,14 @@ iptables-restore < step1
\pause
\begin{beamerboxesrounded}[shadow=true]{Solution:}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
# LOGNEW_ACCEPT Chain
:LOGNEW_ACCEPT - [0:0]
-A LOGNEW_ACCEPT -m state --state NEW -j LOG --log-prefix "New: "
-A LOGNEW_ACCEPT -j ACCEPT
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
@@ -224,13 +224,13 @@ iptables-restore < step1
\pause
\begin{beamerboxesrounded}[shadow=true]{Solution:}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
# DNS
-A OUTPUT -p udp --dport 53 --sport 1024:65535 -m state --state NEW,ESTABLISHED \
-j LOGNEW_ACCEPT
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
@@ -239,7 +239,7 @@ iptables-restore < step1
\begin{frame}[fragile]
\frametitle{Full example with Ping, DNS, and SSH}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
# Generated by iptables-save v1.4.14 on Sat Apr 6 19:47:41 2013
*filter
@@ -257,13 +257,13 @@ iptables-restore < step1
-A LOGNEW_ACCEPT -m state --state NEW -j LOG --log-prefix "New: "
-A LOGNEW_ACCEPT -j ACCEPT
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{frame}
% ----------------------------
\begin{frame}[fragile]
\frametitle{Full example with Ping, DNS, and SSH}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
# loopback
-A INPUT -i lo -j ACCEPT
@@ -281,13 +281,13 @@ iptables-restore < step1
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED -j ACCEPT
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{frame}
% ----------------------------
\begin{frame}[fragile]
\frametitle{Full example with Ping, DNS, and SSH}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
# DNS
-A OUTPUT -p udp --dport 53 --sport 1024:65535 -m state --state NEW,ESTABLISHED \
@@ -307,7 +307,7 @@ iptables-restore < step1
COMMIT
# Completed on Sat Apr 6 19:47:41 2013
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{frame}
% ----------------------------