Handbook - Security: Upgrade the chapter
Upgrade Security chapter as part of the Handbook Working Group.
This is a first approximation, there are things to improve and
add to the chapter, but we can continue from here :)
Changes:
- Move VPN over IPSec to an article, in the future we will add too OpenVPN (DCO) and WireGuard to the article
- Rework Securing Accounts section
- Upgrade Password Hashes algorithms
- Improve sudo/doas section
- Add new Intrusion Detection System (IDS) section
- Add new Secure levels section
- Add new File flags section
- Rework OpenSSH and OpenSSL sections
- Rework Access Control Lists and add NFSv4 ACLs
- Add Capsicum introduction section
- Upgrade Resource Limits section
- Improve Asciidoc syntax
Documentation checked:
- https://man.freebsd.org/security
- https://calomel.org/ids_mtree.html
- https://calomel.org/openssh.html
- https://calomel.org/openssh_distributed.html
- https://man.freebsd.org/cgi/man.cgi?query=chflags&sektion=1&apropos=0&manpath=FreeBSD+13.2-RELEASE+and+Ports
- https://www.cyberciti.biz/tips/howto-write-protect-file-with-immutable-bit.html
- https://wiki.gentoo.org/wiki/Doas
- https://people.freebsd.org/~dannyboy/articles/freebsd_acls.pdf
- https://wiki.freebsd.org/NFSv4_ACLs
- https://man.freebsd.org/cgi/man.cgi?setfacl
Reviewed by: emaste, karels, philip (first draft)
Differential Revision: https://reviews.freebsd.org/D41620
Sponsored by: Daifressh