Site Navigation

FreeBSD Manual Pages

   man apropos
 
   All Sections 1 - General Commands 2 - System Calls 3 - Subroutines 4 - Special Files 5 - File Formats 6 - Games 7 - Macros and Conventions 8 - Maintenance Commands 9 - Kernel Interface n - New Commands FreeBSD 14.0-CURRENT FreeBSD 13.2-STABLE FreeBSD 13.1-RELEASE FreeBSD 13.1-RELEASE and Ports FreeBSD 13.0-RELEASE FreeBSD 13.0-RELEASE and Ports FreeBSD 12.4-RELEASE FreeBSD 12.4-RELEASE and Ports FreeBSD 12.4-STABLE FreeBSD 12.3-RELEASE FreeBSD 12.3-RELEASE and Ports FreeBSD 12.2-RELEASE FreeBSD 12.2-RELEASE and Ports FreeBSD 12.1-RELEASE FreeBSD 12.1-RELEASE and Ports FreeBSD 12.0-RELEASE FreeBSD 12.0-RELEASE and Ports FreeBSD 11.4-RELEASE FreeBSD 11.4-RELEASE and Ports FreeBSD 11.3-RELEASE FreeBSD 11.3-RELEASE and Ports FreeBSD 11.2-RELEASE FreeBSD 11.2-RELEASE and Ports FreeBSD 11.1-RELEASE FreeBSD 11.1-RELEASE and Ports FreeBSD 11.0-RELEASE FreeBSD 11.0-RELEASE and Ports FreeBSD 10.4-RELEASE FreeBSD 10.4-RELEASE and Ports FreeBSD 10.3-RELEASE FreeBSD 10.3-RELEASE and Ports FreeBSD 10.2-RELEASE FreeBSD 10.2-RELEASE and Ports FreeBSD 10.1-RELEASE FreeBSD 10.1-RELEASE and Ports FreeBSD 10.0-RELEASE FreeBSD 10.0-RELEASE and Ports FreeBSD 9.3-RELEASE FreeBSD 9.3-RELEASE and Ports FreeBSD 9.2-RELEASE FreeBSD 9.2-RELEASE and Ports FreeBSD 9.1-RELEASE FreeBSD 9.1-RELEASE and Ports FreeBSD 9.0-RELEASE FreeBSD 9.0-RELEASE and Ports FreeBSD 8.4-RELEASE FreeBSD 8.4-RELEASE and Ports FreeBSD 8.3-RELEASE FreeBSD 8.3-RELEASE and Ports FreeBSD 8.2-RELEASE FreeBSD 8.2-RELEASE and Ports FreeBSD 8.1-RELEASE FreeBSD 8.1-RELEASE and Ports FreeBSD 8.0-RELEASE FreeBSD 8.0-RELEASE and Ports FreeBSD 7.4-RELEASE FreeBSD 7.4-RELEASE and Ports FreeBSD 7.3-RELEASE FreeBSD 7.3-RELEASE and Ports FreeBSD 7.2-RELEASE FreeBSD 7.2-RELEASE and Ports FreeBSD 7.1-RELEASE FreeBSD 7.1-RELEASE and Ports FreeBSD 7.0-RELEASE FreeBSD 6.4-RELEASE FreeBSD 6.4-RELEASE and Ports FreeBSD 6.3-RELEASE FreeBSD 6.3-RELEASE and Ports FreeBSD 6.2-RELEASE FreeBSD 6.1-RELEASE FreeBSD 6.0-RELEASE FreeBSD 6.0-RELEASE and Ports FreeBSD 5.5-RELEASE FreeBSD 5.5-RELEASE and Ports FreeBSD 5.4-RELEASE FreeBSD 5.4-RELEASE and Ports FreeBSD 5.3-RELEASE FreeBSD 5.3-RELEASE and Ports FreeBSD 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE and Ports FreeBSD 5.2-RELEASE FreeBSD 5.2-RELEASE and Ports FreeBSD 5.1-RELEASE FreeBSD 5.0-RELEASE FreeBSD 4.11-RELEASE FreeBSD 4.11-RELEASE and Ports FreeBSD 4.10-RELEASE FreeBSD 4.10-RELEASE and Ports FreeBSD 4.9-RELEASE FreeBSD 4.9-RELEASE and Ports FreeBSD 4.8-RELEASE FreeBSD 4.8-RELEASE and Ports FreeBSD 4.7-RELEASE FreeBSD 4.6.2-RELEASE FreeBSD 4.6.2-RELEASE and Ports FreeBSD 4.6-RELEASE FreeBSD 4.6-RELEASE and Ports FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE and Ports FreeBSD 4.4-RELEASE FreeBSD 4.3-RELEASE FreeBSD 4.3-RELEASE and Ports FreeBSD 4.2-RELEASE FreeBSD 4.2-RELEASE and Ports FreeBSD 4.1.1-RELEASE FreeBSD 4.1.1-RELEASE and Ports FreeBSD 4.1-RELEASE FreeBSD 4.0-RELEASE FreeBSD 3.5.1-RELEASE FreeBSD 3.5.1-RELEASE and Ports FreeBSD 3.5-RELEASE and Ports FreeBSD 3.4-RELEASE FreeBSD 3.4-RELEASE and Ports FreeBSD 3.3-RELEASE FreeBSD 3.2-RELEASE FreeBSD 3.1-RELEASE FreeBSD 3.0-RELEASE FreeBSD 2.2.8-RELEASE FreeBSD 2.2.8-RELEASE and Ports FreeBSD 2.2.7-RELEASE FreeBSD 2.2.6-RELEASE FreeBSD 2.2.5-RELEASE FreeBSD 2.2.2-RELEASE FreeBSD 2.2.1-RELEASE FreeBSD 2.1.7.1-RELEASE FreeBSD 2.1.6.1-RELEASE FreeBSD 2.1.5-RELEASE FreeBSD 2.1.0-RELEASE FreeBSD 2.0.5-RELEASE FreeBSD 2.0-RELEASE FreeBSD 1.1.5.1-RELEASE FreeBSD 1.1-RELEASE FreeBSD 1.0-RELEASE FreeBSD Ports 13.1 FreeBSD Ports 13.0 FreeBSD Ports 12.4 FreeBSD Ports 12.3 FreeBSD Ports 12.2 FreeBSD Ports 12.1 FreeBSD Ports 12.0 FreeBSD Ports 11.4 FreeBSD Ports 11.3 FreeBSD Ports 11.2 FreeBSD Ports 11.1 FreeBSD Ports 11.0 FreeBSD Ports 10.4 FreeBSD Ports 10.3 FreeBSD Ports 10.2 FreeBSD Ports 10.1 FreeBSD Ports 10.0 FreeBSD Ports 9.3 FreeBSD Ports 9.2 FreeBSD Ports 9.1 FreeBSD Ports 9.0 FreeBSD Ports 8.4 FreeBSD Ports 8.3 FreeBSD Ports 8.2 FreeBSD Ports 8.1 FreeBSD Ports 8.0 FreeBSD Ports 7.4 FreeBSD Ports 7.3 FreeBSD Ports 7.2 FreeBSD Ports 7.1 FreeBSD Ports 7.0 FreeBSD Ports 6.4 FreeBSD Ports 6.3 FreeBSD Ports 6.2 FreeBSD Ports 6.0 FreeBSD Ports 5.5 FreeBSD Ports 5.4 FreeBSD Ports 5.3 FreeBSD Ports 5.2.1 FreeBSD Ports 5.2 FreeBSD Ports 5.1 FreeBSD Ports 4.11 FreeBSD Ports 4.10 FreeBSD Ports 4.9 FreeBSD Ports 4.8 FreeBSD Ports 4.7 FreeBSD Ports 4.6.2 FreeBSD Ports 4.6 FreeBSD Ports 4.5 FreeBSD Ports 4.3 FreeBSD Ports 4.2 FreeBSD Ports 4.1.1 FreeBSD Ports 3.5.1 FreeBSD Ports 3.5 FreeBSD Ports 3.4 FreeBSD Ports 2.2.8 4.4BSD Lite2 4.3BSD NET/2 4.3BSD Reno 2.11 BSD 2.10 BSD 2.9.1 BSD 2.8 BSD 386BSD 0.1 386BSD 0.0 CentOS 7.1 CentOS 7.0 CentOS 6.6 CentOS 6.5 CentOS 6.4 CentOS 6.3 CentOS 6.2 CentOS 6.1 CentOS 6.0 CentOS 5.11 CentOS 5.10 CentOS 5.9 CentOS 5.8 CentOS 5.7 CentOS 5.6 CentOS 5.5 CentOS 5.4 CentOS 4.8 CentOS 3.9 Darwin 8.0.1/ppc Darwin 7.0.1 Darwin 6.0.2/x86 Darwin 1.4.1/x86 Darwin 1.3.1/x86 Debian 8.1.0 Debian 7.8.0 Debian 6.0.10 Debian 5.0.10 Debian 4.0.9 Debian 3.1.8 Debian 2.2.7 HP-UX 11.22 HP-UX 11.20 HP-UX 11.11 HP-UX 11.00 HP-UX 10.20 HP-UX 10.10 HP-UX 10.01 HP-UX 9.07 HP-UX 8.07 IRIX 6.5.30 Inferno 4th Edition Linux Slackware 3.1 MACH 2.5/i386 Minix 2.0 NetBSD 9.3 NetBSD 9.2 NetBSD 9.1 NetBSD 9.0 NetBSD 8.2 NetBSD 8.1 NetBSD 8.0 NetBSD 7.1 NetBSD 7.0 NetBSD 6.1.5 NetBSD 6.0 NetBSD 5.1 NetBSD 5.0 NetBSD 4.0.1 NetBSD 4.0 NetBSD 3.1 NetBSD 3.0 NetBSD 2.1 NetBSD 2.0.2 NetBSD 2.0 NetBSD 1.6.2 NetBSD 1.6.1 NetBSD 1.6 NetBSD 1.5.3 NetBSD 1.5.2 NetBSD 1.5.1 NetBSD 1.5 NetBSD 1.4.3 NetBSD 1.4.2 NetBSD 1.4.1 NetBSD 1.4 NetBSD 1.3.3 NetBSD 1.3.2 NetBSD 1.3.1 NetBSD 1.3 NetBSD 1.2.1 NetBSD 1.2 NetBSD 1.1 NetBSD 1.0 NeXTSTEP 3.3 OpenBSD 7.2 OpenBSD 7.1 OpenBSD 7.0 OpenBSD 6.9 OpenBSD 6.8 OpenBSD 6.7 OpenBSD 6.6 OpenBSD 6.5 OpenBSD 6.4 OpenBSD 6.3 OpenBSD 6.2 OpenBSD 6.1 OpenBSD 6.0 OpenBSD 5.9 OpenBSD 5.8 OpenBSD 5.7 OpenBSD 5.6 OpenBSD 5.5 OpenBSD 5.4 OpenBSD 5.3 OpenBSD 5.2 OpenBSD 5.1 OpenBSD 5.0 OpenBSD 4.9 OpenBSD 4.8 OpenBSD 4.7 OpenBSD 4.6 OpenBSD 4.5 OpenBSD 4.4 OpenBSD 4.3 OpenBSD 4.2 OpenBSD 4.1 OpenBSD 4.0 OpenBSD 3.9 OpenBSD 3.8 OpenBSD 3.7 OpenBSD 3.6 OpenBSD 3.5 OpenBSD 3.4 OpenBSD 3.3 OpenBSD 3.2 OpenBSD 3.1 OpenBSD 3.0 OpenBSD 2.9 OpenBSD 2.8 OpenBSD 2.7 OpenBSD 2.6 OpenBSD 2.5 OpenBSD 2.4 OpenBSD 2.3 OpenBSD 2.2 OpenBSD 2.1 OpenBSD 2.0 OpenDarwin 7.2.1 OpenDarwin 6.6.2/x86 OpenDarwin 6.6.1/x86 OpenStep 4.2 OSF1 V5.1/alpha OSF1 V4.0/alpha OSF1 V1.0/mips OpenDarwin 20030208pre4/ppc Plan 9 Red Hat 8.0 Red Hat 7.3 Red Hat 7.2 Red Hat 7.1 Red Hat 7.0 Red Hat 6.2 Red Hat 6.1 Red Hat 5.2 Red Hat 5.0 Red Hat 4.2 Red Hat 9 Rhapsody DR1 Rhapsody DR2 Sun UNIX 0.4 SunOS 5.10 SunOS 5.9 SunOS 5.8 SunOS 5.7 SunOS 5.6 SunOS 5.5.1 SunOS 4.1.3 SuSE 11.3 SuSE 11.2 SuSE 11.1 SuSE 11.0 SuSE 10.3 SuSE 10.2 SuSE 10.1 SuSE 10.0 SuSE 9.3 SuSE 9.2 SuSE 8.2 SuSE 8.1 SuSE 8.0 SuSE 7.3 SuSE 7.2 SuSE 7.1 SuSE 7.0 SuSE 6.4 SuSE 6.3 SuSE 6.1 SuSE 6.0 SuSE 5.3 SuSE 5.2 SuSE 5.0 SuSE 4.3 SuSE ES 10 SP1 ULTRIX 4.2 Ultrix-32 2.0/VAX Unix Seventh Edition X11R7.4 X11R7.3.2 X11R7.2 X11R6.9.0 X11R6.8.2 X11R6.7.0 XFree86 4.8.0 XFree86 4.7.0 XFree86 4.6.0 XFree86 4.5.0 XFree86 4.4.0 XFree86 4.3.0 XFree86 4.2.99.3 XFree86 4.2.0 XFree86 4.1.0 XFree86 4.0.2 XFree86 4.0.1 XFree86 4.0 XFree86 3.3.6 XFree86 3.3 XFree86 2.1 All Architectures html pdf ascii

home | help

---

MD4Init(3), MD4Update(3), MD4Pad(3), MD4Final(3), MD4End(3), MD4File(3), MD4FileChunk(3), MD4Data(3)

calculate the RSA Data Security, Inc., ``MD4'' message digest

MD5Init(3), MD5Update(3), MD5Pad(3), MD5Final(3), MD5End(3), MD5File(3), MD5FileChunk(3), MD5Data(3)

calculate the RSA Data Security, Inc., ``MD5'' message digest

acl(3)

introduction to the POSIX.1e/NFSv4 ACL security API

audit(4)

Security Event Audit

audit.log(5), audit(5)

Basic Security Module (BSM) file format

gss_accept_sec_context(3)

Accept a security context initiated by a peer application

gss_delete_sec_context(3)

Discard a security context

gss_export_sec_context(3)

Transfer a security context to another process

gss_init_sec_context(3)

Initiate a security context with a peer application

gss_inquire_context(3)

Obtain information about a security context

gss_process_context_token(3)

Process a token on a security context from a peer application

gssapi(3)

Generic Security Services API

gssd(8)

Generic Security Services Daemon

ipsec(4)

Internet Protocol Security protocol

ktls(4)

kernel Transport Layer Security

libbsm(3)

Basic Security Module (BSM) Audit API

mac(3)

introduction to the MAC security API

mac_mls(4)

Multi-Level Security confidentiality policy

posix1e(3)

introduction to the POSIX.1e security API

rpc_gss_get_mech_info(3)

Get extra information about a security mechanism

rpc_gss_is_installed(3)

Query for the presence os a security mechanism

rpc_gss_seccreate(3)

create a security context using the RPCSEC_GSS protocol

rpc_gss_set_callback(3)

Register a security context creation callback

safexcel(4)

Inside Secure SafeXcel-IP-97 security packet engine

sdoc(7)

guide to adding security considerations sections to manual pages

security(7)

introduction to security under FreeBSD

snmp_usm(3)

user-based security module for bsnmpd(1)

BN_security_bits(3)

returns bits of security based on given numbers

DH_size(3), DH_bits(3), DH_security_bits(3)

get Diffie-Hellman prime size and security bits

DSA_size(3), DSA_bits(3), DSA_security_bits(3)

get DSA signature size, key bits or security bits

EVP_PKEY_ASN1_METHOD(3), EVP_PKEY_asn1_new(3), EVP_PKEY_asn1_copy(3), EVP_PKEY_asn1_free(3), EVP_PKEY_asn1_add0(3), EVP_PKEY_asn1_add_alias(3), EVP_PKEY_asn1_set_public(3), EVP_PKEY_asn1_set_private(3), EVP_PKEY_asn1_set_param(3), EVP_PKEY_asn1_set_free(3), EVP_PKEY_asn1_set_ctrl(3), EVP_PKEY_asn1_set_item(3), EVP_PKEY_asn1_set_siginf(3), EVP_PKEY_asn1_set_check(3), EVP_PKEY_asn1_set_public_check(3), EVP_PKEY_asn1_set_param_check(3), EVP_PKEY_asn1_set_security_bits(3), EVP_PKEY_asn1_set_set_priv_key(3), EVP_PKEY_asn1_set_set_pub_key(3), EVP_PKEY_asn1_set_get_priv_key(3), EVP_PKEY_asn1_set_get_pub_key(3), EVP_PKEY_get0_asn1(3)

manipulating and registering EVP_PKEY_ASN1_METHOD structure

EVP_PKEY_size(3), EVP_PKEY_bits(3), EVP_PKEY_security_bits(3)

EVP_PKEY information functions

RSA_size(3), RSA_bits(3), RSA_security_bits(3)

get RSA modulus size or security bits

SSL_CTX_set_security_level(3), SSL_set_security_level(3), SSL_CTX_get_security_level(3), SSL_get_security_level(3), SSL_CTX_set_security_callback(3), SSL_set_security_callback(3), SSL_CTX_get_security_callback(3), SSL_get_security_callback(3), SSL_CTX_set0_security_ex_data(3), SSL_set0_security_ex_data(3), SSL_CTX_get0_security_ex_data(3), SSL_get0_security_ex_data(3)

SSL/TLS security framework

ALTER_POLICY(7)

change the definition of a row-level security policy

BN_security_bits(3)

returns bits of security based on given numbers

BN_security_bits(3ossl)

returns bits of security based on given numbers

CREATE_POLICY(7)

define a new row-level security policy for a table

CURLOPT_KRBLEVEL(3)

FTP kerberos security level

DH_size(3), DH_bits(3), DH_security_bits(3)

get Diffie-Hellman prime size and security bits

DH_size(3ossl), DH_bits(3ossl), DH_security_bits(3ossl)

get Diffie-Hellman prime size and security bits

DROP_POLICY(7)

remove a row-level security policy from a table

DSA_size(3), DSA_bits(3), DSA_security_bits(3)

get DSA signature size, key bits or security bits

DSA_size(3ossl), DSA_bits(3ossl), DSA_security_bits(3ossl)

get DSA signature size, key bits or security bits

EVP_PKEY_ASN1_METHOD(3), EVP_PKEY_asn1_new(3), EVP_PKEY_asn1_copy(3), EVP_PKEY_asn1_free(3), EVP_PKEY_asn1_add0(3), EVP_PKEY_asn1_add_alias(3), EVP_PKEY_asn1_set_public(3), EVP_PKEY_asn1_set_private(3), EVP_PKEY_asn1_set_param(3), EVP_PKEY_asn1_set_free(3), EVP_PKEY_asn1_set_ctrl(3), EVP_PKEY_asn1_set_item(3), EVP_PKEY_asn1_set_siginf(3), EVP_PKEY_asn1_set_check(3), EVP_PKEY_asn1_set_public_check(3), EVP_PKEY_asn1_set_param_check(3), EVP_PKEY_asn1_set_security_bits(3), EVP_PKEY_asn1_set_set_priv_key(3), EVP_PKEY_asn1_set_set_pub_key(3), EVP_PKEY_asn1_set_get_priv_key(3), EVP_PKEY_asn1_set_get_pub_key(3), EVP_PKEY_get0_asn1(3)

manipulating and registering EVP_PKEY_ASN1_METHOD structure

EVP_PKEY_ASN1_METHOD(3ossl), EVP_PKEY_asn1_new(3ossl), EVP_PKEY_asn1_copy(3ossl), EVP_PKEY_asn1_free(3ossl), EVP_PKEY_asn1_add0(3ossl), EVP_PKEY_asn1_add_alias(3ossl), EVP_PKEY_asn1_set_public(3ossl), EVP_PKEY_asn1_set_private(3ossl), EVP_PKEY_asn1_set_param(3ossl), EVP_PKEY_asn1_set_free(3ossl), EVP_PKEY_asn1_set_ctrl(3ossl), EVP_PKEY_asn1_set_item(3ossl), EVP_PKEY_asn1_set_siginf(3ossl), EVP_PKEY_asn1_set_check(3ossl), EVP_PKEY_asn1_set_public_check(3ossl), EVP_PKEY_asn1_set_param_check(3ossl), EVP_PKEY_asn1_set_security_bits(3ossl), EVP_PKEY_asn1_set_set_priv_key(3ossl), EVP_PKEY_asn1_set_set_pub_key(3ossl), EVP_PKEY_asn1_set_get_priv_key(3ossl), EVP_PKEY_asn1_set_get_pub_key(3ossl), EVP_PKEY_get0_asn1(3ossl)

manipulating and registering EVP_PKEY_ASN1_METHOD structure

EVP_PKEY_get_size(3ossl), EVP_PKEY_get_bits(3ossl), EVP_PKEY_get_security_bits(3ossl), EVP_PKEY_bits(3ossl), EVP_PKEY_security_bits(3ossl), EVP_PKEY_size(3ossl)

EVP_PKEY information functions

EVP_PKEY_size(3), EVP_PKEY_bits(3), EVP_PKEY_security_bits(3)

EVP_PKEY information functions

OSSL_ESS_signing_cert_new_init(3ossl), OSSL_ESS_signing_cert_v2_new_init(3ossl), OSSL_ESS_check_signing_certs(3ossl)

Enhanced Security Services (ESS) functions

RSA_size(3), RSA_bits(3), RSA_security_bits(3)

get RSA modulus size or security bits

RSA_size(3ossl), RSA_bits(3ossl), RSA_security_bits(3ossl)

get RSA modulus size or security bits

SECURITY_LABEL(7)

define or change a security label applied to an object

SSL_CTX_set_security_level(3), SSL_set_security_level(3), SSL_CTX_get_security_level(3), SSL_get_security_level(3), SSL_CTX_set_security_callback(3), SSL_set_security_callback(3), SSL_CTX_get_security_callback(3), SSL_get_security_callback(3), SSL_CTX_set0_security_ex_data(3), SSL_set0_security_ex_data(3), SSL_CTX_get0_security_ex_data(3), SSL_get0_security_ex_data(3)

SSL/TLS security framework

SSL_CTX_set_security_level(3ossl), SSL_set_security_level(3ossl), SSL_CTX_get_security_level(3ossl), SSL_get_security_level(3ossl), SSL_CTX_set_security_callback(3ossl), SSL_set_security_callback(3ossl), SSL_CTX_get_security_callback(3ossl), SSL_get_security_callback(3ossl), SSL_CTX_set0_security_ex_data(3ossl), SSL_set0_security_ex_data(3ossl), SSL_CTX_get0_security_ex_data(3ossl), SSL_get0_security_ex_data(3ossl)

SSL/TLS security framework

Xsecurity(7)

X display access control

amanda-security.conf(5)

Client configuration file for Amanda

audit.log(5), audit(5)

Basic Security Module (BSM) file format

cardos-tool(1)

displays information about Card OS-based security tokens or format them

dcfldd(1)

enhanced version of dd for forensics and security

dnie-tool(1)

displays information about DNIe based security tokens

eclat-lssg(1), eclat-describe-security-groups(1)

return information about security groups

eclat-mksg(1), eclat-create-security-group(1)

create security group eclat create-security-group

eclat-rmsg(1), eclat-delete-security-group(1)

delete security group

eclat-sg(1)

manipulate security groups

flawfinder(1)

lexically find potential security flaws ("hits") in source code

flow6(1)

A security assessment tool for the IPv6 Flow Label field

frag6(1)

A security assessment tool for IPv6 fragmentation

gchcon(1), chcon(1)

change file security context

gruncon(1), runcon(1)

run command with specified security context

gss_accept_sec_context(3), gss_acquire_cred(3), gss_add_cred(3), gss_add_oid_set_member(3), gss_canonicalize_name(3), gss_compare_name(3), gss_context_time(3), gss_create_empty_oid_set(3), gss_delete_sec_context(3), gss_display_name(3), gss_display_status(3), gss_duplicate_name(3), gss_export_name(3), gss_export_sec_context(3), gss_get_mic(3), gss_import_name(3), gss_import_sec_context(3), gss_indicate_mechs(3), gss_init_sec_context(3), gss_inquire_context(3), gss_inquire_cred(3), gss_inquire_cred_by_mech(3), gss_inquire_mechs_for_name(3), gss_inquire_names_for_mech(3), gss_krb5_ccache_name(3), gss_krb5_compat_des3_mic(3), gss_krb5_copy_ccache(3), gss_krb5_import_cred gsskrb5_extract_authz_data_from_sec_context(3), gsskrb5_register_acceptor_identity(3), gss_krb5_import_ccache(3), gss_krb5_get_tkt_flags(3), gss_process_context_token(3), gss_release_buffer(3), gss_release_cred(3), gss_release_name(3), gss_release_oid_set(3), gss_seal(3), gss_sign(3), gss_test_oid_set_member(3), gss_unseal(3), gss_unwrap(3), gss_verify(3), gss_verify_mic(3), gss_wrap(3), gss_wrap_size_limit(3)

Generic Security Service Application Program Interface library

gssapi(3)

Generic Security Service Application Program Interface library

icedtea-web(1)

provides a Free Software web browser plugin running applets written in the Java programming language and an implementation of Java Web Start, originally based on the NetX project. NetX allows Java applets and applications to be downloaded over the network, cached, and (by default) run in a secure sandbox environment. Subsequent runs of the applet download the latest version automatically. Update and security settings, among others, can be set using the itw-settings command. icedtea-web also includes a plugin to enable Java applets (http://www.java.com/en/download/testjava.jsp) within web browsers. Names and email addresses of contributors to this project can be found in the file AUTHORS in the IcedTea-Web root directory. The full GPLv2 license of this project can be found in the file COPYING in the IcedTea-Web root directory. News about releases of this project can be found in the file NEWS in the IcedTea-Web root directory

icmp6(1)

A security assessment tool for attack vectors based on ICMPv6 packets

ipv6toolkit(7)

An IPv6 security assessment and trouble-shooting toolkit

isnssetup(8)

a simple script to bootstrap an iSNS server, including security

itweb-policyeditor(1), policyeditor(1)

view and modify security policy settings for javaws and the browser plugin

jk_check(8)

a utility that will check a jail for security problems

jumbo6(1)

A security assessment tool for attack vectors based on IPv6 jumbograms

knocker(1)

An easy to use network security port scanner

libbsm(3)

Basic Security Module (BSM) Audit API

libcurl-security(3)

security considerations when using libcurl

lynis(8), Lynis(8)

System and security auditing tool

na6(1)

A security assessment tool for attack vectors based on ICMPv6 Neighbor Advertisement messages

nbdkit-security(1)

information about past security issues in nbdkit

ni6(1), nI6(1)

A security assessment tool for attack vectors based on ICMPv6 Node Information messages

nmap(1)

Network exploration tool and security / port scanner

ns6(1)

A security assessment tool for attack vectors based on ICMPv6 Neighbor Solicitation messages

ntfssecaudit(8)

NTFS Security Data Auditing

opensc-explorer(1)

generic interactive utility for accessing smart card and similar security token functions

pam_krb5_cchelper(8), /usr/local/lib/security/pam_krb5/pam_krb5_cchelper(8)

Credential cache helper

permview(1)

Viewer for declarative security permission sets inside assemblies

pkcs11-tool(1)

utility for managing and using PKCS #11 security tokens

pkcs15-tool(1)

utility for manipulating PKCS #15 data structures on smart cards and similar security tokens

ra6(1)

A security assessment tool for attack vectors based on ICMPv6 Router Advertisement messages

rats(1)

Rough Auditing Tool for Security

rd6(1)

A security assessment tool for attack vectors based on ICMPv6 Redirect messages

rpki-client(8)

RPKI validator to support BGP routing security

rs6(1)

A security assessment tool for attack vectors based on ICMPv6 Router Solicitation messages

security_fake_certverify(8)

A fake cert validation helper for Squid

security_file_certgen(8)

SSL certificate generator for Squid. Version 1.1

spmd(8)

Manages IPsec Security Policy for racoon2

sssd(8)

System Security Services Daemon

sudoers(5)

default sudo security policy plugin

tcp6(1)

A security assessment tool for TCP/IPv6 implementations

udp6(1)

A security assessment tool for UDP/IPv6 implementations

upscli_add_host_cert(3)

Register a security rule for an host

upscli_init(3)

Initialize upsclient module specifying security properties

xrdpwdadmin(8)

administer pwd security protocol passwords

zauth(3)

Class for authentication for ZeroMQ security mechanisms

zcert(3)

Class for work with CURVE security certificates

zcertstore(3)

Class for work with CURVE security certificate stores

zmq_null(7)

no security or confidentiality

Alien::Build::Manual::Security(3)

General alien author documentation

CAM::PDF::Decrypt(3)

PDF security helper

Finance::TW::TSEQuote(3)

Check stock quotes from Taiwan Security Exchange

HTML::FormHandler::Field::Captcha(3)

captcha field with GD::SecurityImage

HTTPD::Realm(3)

Database of HTTPD Security Realms

HTTPD::RealmManager(3)

Manage HTTPD server security realms

Imager::Security(3)

brief notes on security and image processing

Net::DRI::Protocol::EPP::Extensions::SecDNS(3)

EPP DNS Security Extensions (RFC4310) for Net::DRI

Net::LDAP::Security(3)

Security issues with LDAP connections

Net::NSCA::Client::Connection::TLS(3)

Represents the transport layer security on a connection

Netspoc(3)

A Network Security Policy Compiler

Paws::Chime::RegenerateSecurityToken(3)

Arguments for method RegenerateSecurityToken on Paws::Chime

Paws::Connect::AssociateSecurityKey(3)

Arguments for method AssociateSecurityKey on Paws::Connect

Paws::Connect::DisassociateSecurityKey(3)

Arguments for method DisassociateSecurityKey on Paws::Connect

Paws::Connect::ListSecurityKeys(3)

Arguments for method ListSecurityKeys on Paws::Connect

Paws::Connect::ListSecurityProfiles(3)

Arguments for method ListSecurityProfiles on Paws::Connect

Paws::Connect::UpdateUserSecurityProfiles(3)

Arguments for method UpdateUserSecurityProfiles on Paws::Connect

Paws::EC2::ApplySecurityGroupsToClientVpnTargetNetwork(3)

Arguments for method ApplySecurityGroupsToClientVpnTargetNetwork on Paws::EC2

Paws::EC2::AuthorizeSecurityGroupEgress(3)

Arguments for method AuthorizeSecurityGroupEgress on Paws::EC2

Paws::EC2::AuthorizeSecurityGroupIngress(3)

Arguments for method AuthorizeSecurityGroupIngress on Paws::EC2

Paws::EC2::CreateSecurityGroup(3)

Arguments for method CreateSecurityGroup on Paws::EC2

Paws::EC2::DeleteSecurityGroup(3)

Arguments for method DeleteSecurityGroup on Paws::EC2

Paws::EC2::DescribeSecurityGroupReferences(3)

Arguments for method DescribeSecurityGroupReferences on Paws::EC2

Paws::EC2::DescribeSecurityGroups(3)

Arguments for method DescribeSecurityGroups on Paws::EC2

Paws::EC2::DescribeStaleSecurityGroups(3)

Arguments for method DescribeStaleSecurityGroups on Paws::EC2

Paws::EC2::RevokeSecurityGroupEgress(3)

Arguments for method RevokeSecurityGroupEgress on Paws::EC2

Paws::EC2::RevokeSecurityGroupIngress(3)

Arguments for method RevokeSecurityGroupIngress on Paws::EC2

Paws::EC2::UpdateSecurityGroupRuleDescriptionsEgress(3)

Arguments for method UpdateSecurityGroupRuleDescriptionsEgress on Paws::EC2

Paws::EC2::UpdateSecurityGroupRuleDescriptionsIngress(3)

Arguments for method UpdateSecurityGroupRuleDescriptionsIngress on Paws::EC2

Paws::EFS::DescribeMountTargetSecurityGroups(3)

Arguments for method DescribeMountTargetSecurityGroups on Paws::EFS

Paws::EFS::ModifyMountTargetSecurityGroups(3)

Arguments for method ModifyMountTargetSecurityGroups on Paws::EFS

Paws::ELB::ApplySecurityGroupsToLoadBalancer(3)

Arguments for method ApplySecurityGroupsToLoadBalancer on Paws::ELB

Paws::ELBv2::SetSecurityGroups(3)

Arguments for method SetSecurityGroups on Paws::ELBv2

Paws::EMR::CreateSecurityConfiguration(3)

Arguments for method CreateSecurityConfiguration on Paws::EMR

Paws::EMR::DeleteSecurityConfiguration(3)

Arguments for method DeleteSecurityConfiguration on Paws::EMR

Paws::EMR::DescribeSecurityConfiguration(3)

Arguments for method DescribeSecurityConfiguration on Paws::EMR

Paws::EMR::ListSecurityConfigurations(3)

Arguments for method ListSecurityConfigurations on Paws::EMR

Paws::ElastiCache::AuthorizeCacheSecurityGroupIngress(3)

Arguments for method AuthorizeCacheSecurityGroupIngress on Paws::ElastiCache

Paws::ElastiCache::CreateCacheSecurityGroup(3)

Arguments for method CreateCacheSecurityGroup on Paws::ElastiCache

Paws::ElastiCache::DeleteCacheSecurityGroup(3)

Arguments for method DeleteCacheSecurityGroup on Paws::ElastiCache

Paws::ElastiCache::DescribeCacheSecurityGroups(3)

Arguments for method DescribeCacheSecurityGroups on Paws::ElastiCache

Paws::ElastiCache::RevokeCacheSecurityGroupIngress(3)

Arguments for method RevokeCacheSecurityGroupIngress on Paws::ElastiCache

Paws::Glue::CreateSecurityConfiguration(3)

Arguments for method CreateSecurityConfiguration on Paws::Glue

Paws::Glue::DeleteSecurityConfiguration(3)

Arguments for method DeleteSecurityConfiguration on Paws::Glue

Paws::Glue::GetSecurityConfiguration(3)

Arguments for method GetSecurityConfiguration on Paws::Glue

Paws::Glue::GetSecurityConfigurations(3)

Arguments for method GetSecurityConfigurations on Paws::Glue

Paws::IAM::SetSecurityTokenServicePreferences(3)

Arguments for method SetSecurityTokenServicePreferences on Paws::IAM

Paws::IoT::AttachSecurityProfile(3)

Arguments for method AttachSecurityProfile on Paws::IoT

Paws::IoT::CreateSecurityProfile(3)

Arguments for method CreateSecurityProfile on Paws::IoT

Paws::IoT::DeleteSecurityProfile(3)

Arguments for method DeleteSecurityProfile on Paws::IoT

Paws::IoT::DescribeSecurityProfile(3)

Arguments for method DescribeSecurityProfile on Paws::IoT

Paws::IoT::DetachSecurityProfile(3)

Arguments for method DetachSecurityProfile on Paws::IoT

Paws::IoT::ListSecurityProfiles(3)

Arguments for method ListSecurityProfiles on Paws::IoT

Paws::IoT::ListSecurityProfilesForTarget(3)

Arguments for method ListSecurityProfilesForTarget on Paws::IoT

Paws::IoT::ListTargetsForSecurityProfile(3)

Arguments for method ListTargetsForSecurityProfile on Paws::IoT

Paws::IoT::UpdateSecurityProfile(3)

Arguments for method UpdateSecurityProfile on Paws::IoT

Paws::IoT::ValidateSecurityProfileBehaviors(3)

Arguments for method ValidateSecurityProfileBehaviors on Paws::IoT

Paws::MediaLive::CreateInputSecurityGroup(3)

Arguments for method CreateInputSecurityGroup on Paws::MediaLive

Paws::MediaLive::DeleteInputSecurityGroup(3)

Arguments for method DeleteInputSecurityGroup on Paws::MediaLive

Paws::MediaLive::DescribeInputSecurityGroup(3)

Arguments for method DescribeInputSecurityGroup on Paws::MediaLive

Paws::MediaLive::ListInputSecurityGroups(3)

Arguments for method ListInputSecurityGroups on Paws::MediaLive

Paws::MediaLive::UpdateInputSecurityGroup(3)

Arguments for method UpdateInputSecurityGroup on Paws::MediaLive

Paws::RDS::AuthorizeDBSecurityGroupIngress(3)

Arguments for method AuthorizeDBSecurityGroupIngress on Paws::RDS

Paws::RDS::CreateDBSecurityGroup(3)

Arguments for method CreateDBSecurityGroup on Paws::RDS

Paws::RDS::DeleteDBSecurityGroup(3)

Arguments for method DeleteDBSecurityGroup on Paws::RDS

Paws::RDS::DescribeDBSecurityGroups(3)

Arguments for method DescribeDBSecurityGroups on Paws::RDS

Paws::RDS::RevokeDBSecurityGroupIngress(3)

Arguments for method RevokeDBSecurityGroupIngress on Paws::RDS

Paws::RedShift::AuthorizeClusterSecurityGroupIngress(3)

Arguments for method AuthorizeClusterSecurityGroupIngress on Paws::RedShift

Paws::RedShift::CreateClusterSecurityGroup(3)

Arguments for method CreateClusterSecurityGroup on Paws::RedShift

Paws::RedShift::DeleteClusterSecurityGroup(3)

Arguments for method DeleteClusterSecurityGroup on Paws::RedShift

Paws::RedShift::DescribeClusterSecurityGroups(3)

Arguments for method DescribeClusterSecurityGroups on Paws::RedShift

Paws::RedShift::RevokeClusterSecurityGroupIngress(3)

Arguments for method RevokeClusterSecurityGroupIngress on Paws::RedShift

Paws::STS(3)

Perl Interface to AWS AWS Security Token Service

Paws::SecurityHub(3)

Perl Interface to AWS AWS SecurityHub

Paws::SecurityHub::AcceptAdministratorInvitation(3)

Arguments for method AcceptAdministratorInvitation on Paws::SecurityHub

Paws::SecurityHub::AcceptInvitation(3)

Arguments for method AcceptInvitation on Paws::SecurityHub

Paws::SecurityHub::BatchDisableStandards(3)

Arguments for method BatchDisableStandards on Paws::SecurityHub

Paws::SecurityHub::BatchEnableStandards(3)

Arguments for method BatchEnableStandards on Paws::SecurityHub

Paws::SecurityHub::BatchImportFindings(3)

Arguments for method BatchImportFindings on Paws::SecurityHub

Paws::SecurityHub::BatchUpdateFindings(3)

Arguments for method BatchUpdateFindings on Paws::SecurityHub

Paws::SecurityHub::CreateActionTarget(3)

Arguments for method CreateActionTarget on Paws::SecurityHub

Paws::SecurityHub::CreateInsight(3)

Arguments for method CreateInsight on Paws::SecurityHub

Paws::SecurityHub::CreateMembers(3)

Arguments for method CreateMembers on Paws::SecurityHub

Paws::SecurityHub::DeclineInvitations(3)

Arguments for method DeclineInvitations on Paws::SecurityHub

Paws::SecurityHub::DeleteActionTarget(3)

Arguments for method DeleteActionTarget on Paws::SecurityHub

Paws::SecurityHub::DeleteInsight(3)

Arguments for method DeleteInsight on Paws::SecurityHub

Paws::SecurityHub::DeleteInvitations(3)

Arguments for method DeleteInvitations on Paws::SecurityHub

Paws::SecurityHub::DeleteMembers(3)

Arguments for method DeleteMembers on Paws::SecurityHub

Paws::SecurityHub::DescribeActionTargets(3)

Arguments for method DescribeActionTargets on Paws::SecurityHub

Paws::SecurityHub::DescribeHub(3)

Arguments for method DescribeHub on Paws::SecurityHub

Paws::SecurityHub::DescribeOrganizationConfiguration(3)

Arguments for method DescribeOrganizationConfiguration on Paws::SecurityHub

Paws::SecurityHub::DescribeProducts(3)

Arguments for method DescribeProducts on Paws::SecurityHub

Paws::SecurityHub::DescribeStandards(3)

Arguments for method DescribeStandards on Paws::SecurityHub

Paws::SecurityHub::DescribeStandardsControls(3)

Arguments for method DescribeStandardsControls on Paws::SecurityHub

Paws::SecurityHub::DisableImportFindingsForProduct(3)

Arguments for method DisableImportFindingsForProduct on Paws::SecurityHub

Paws::SecurityHub::DisableOrganizationAdminAccount(3)

Arguments for method DisableOrganizationAdminAccount on Paws::SecurityHub

Paws::SecurityHub::DisableSecurityHub(3)

Arguments for method DisableSecurityHub on Paws::SecurityHub

Paws::SecurityHub::DisassociateFromAdministratorAccount(3)

Arguments for method DisassociateFromAdministratorAccount on Paws::SecurityHub

Paws::SecurityHub::DisassociateFromMasterAccount(3)

Arguments for method DisassociateFromMasterAccount on Paws::SecurityHub

Paws::SecurityHub::DisassociateMembers(3)

Arguments for method DisassociateMembers on Paws::SecurityHub

Paws::SecurityHub::EnableImportFindingsForProduct(3)

Arguments for method EnableImportFindingsForProduct on Paws::SecurityHub

Paws::SecurityHub::EnableOrganizationAdminAccount(3)

Arguments for method EnableOrganizationAdminAccount on Paws::SecurityHub

Paws::SecurityHub::EnableSecurityHub(3)

Arguments for method EnableSecurityHub on Paws::SecurityHub

Paws::SecurityHub::GetAdministratorAccount(3)

Arguments for method GetAdministratorAccount on Paws::SecurityHub

Paws::SecurityHub::GetEnabledStandards(3)

Arguments for method GetEnabledStandards on Paws::SecurityHub

Paws::SecurityHub::GetFindings(3)

Arguments for method GetFindings on Paws::SecurityHub

Paws::SecurityHub::GetInsightResults(3)

Arguments for method GetInsightResults on Paws::SecurityHub

Paws::SecurityHub::GetInsights(3)

Arguments for method GetInsights on Paws::SecurityHub

Paws::SecurityHub::GetInvitationsCount(3)

Arguments for method GetInvitationsCount on Paws::SecurityHub

Paws::SecurityHub::GetMasterAccount(3)

Arguments for method GetMasterAccount on Paws::SecurityHub

Paws::SecurityHub::GetMembers(3)

Arguments for method GetMembers on Paws::SecurityHub

Paws::SecurityHub::InviteMembers(3)

Arguments for method InviteMembers on Paws::SecurityHub

Paws::SecurityHub::ListEnabledProductsForImport(3)

Arguments for method ListEnabledProductsForImport on Paws::SecurityHub

Paws::SecurityHub::ListInvitations(3)

Arguments for method ListInvitations on Paws::SecurityHub

Paws::SecurityHub::ListMembers(3)

Arguments for method ListMembers on Paws::SecurityHub

Paws::SecurityHub::ListOrganizationAdminAccounts(3)

Arguments for method ListOrganizationAdminAccounts on Paws::SecurityHub

Paws::SecurityHub::ListTagsForResource(3)

Arguments for method ListTagsForResource on Paws::SecurityHub

Paws::SecurityHub::TagResource(3)

Arguments for method TagResource on Paws::SecurityHub

Paws::SecurityHub::UntagResource(3)

Arguments for method UntagResource on Paws::SecurityHub

Paws::SecurityHub::UpdateActionTarget(3)

Arguments for method UpdateActionTarget on Paws::SecurityHub

Paws::SecurityHub::UpdateFindings(3)

Arguments for method UpdateFindings on Paws::SecurityHub

Paws::SecurityHub::UpdateInsight(3)

Arguments for method UpdateInsight on Paws::SecurityHub

Paws::SecurityHub::UpdateOrganizationConfiguration(3)

Arguments for method UpdateOrganizationConfiguration on Paws::SecurityHub

Paws::SecurityHub::UpdateSecurityHubConfiguration(3)

Arguments for method UpdateSecurityHubConfiguration on Paws::SecurityHub

Paws::SecurityHub::UpdateStandardsControl(3)

Arguments for method UpdateStandardsControl on Paws::SecurityHub

Paws::StorageGateway::UpdateSMBSecurityStrategy(3)

Arguments for method UpdateSMBSecurityStrategy on Paws::StorageGateway

Paws::Transfer::DescribeSecurityPolicy(3)

Arguments for method DescribeSecurityPolicy on Paws::Transfer

Paws::Transfer::ListSecurityPolicies(3)

Arguments for method ListSecurityPolicies on Paws::Transfer

SNMP::Info::CiscoPortSecurity(3)

SNMP Interface to data from CISCO-PORT-SECURITY-MIB, CISCO-PAE-MIB and CISCO-ERR-DISABLE-MIB

SNMP::Info::Layer3::CiscoASA(3)

Cisco Adaptive Security Appliance

SNMP::Info::Layer3::Genua(3)

SNMP Interface to Genua security devices

SNMP::Info::Layer7::CiscoIPS(3)

Cisco Adaptive Security Appliance IPS module

SPOPS(3)

-- Simple Perl Object Persistence with Security

SPOPS::Exception::Security(3)

SPOPS exception with extra security parameters

SPOPS::Manual::Security(3)

SPOPS security system and how you can customize

SPOPS::Secure(3)

Implement security across one or more classes of SPOPS objects

SPOPS::Secure::DBI(3), SPOPS::Security::DBI(3)

Implement a security object and basic operations for DBI datasources

SPOPS::Secure::Hierarchy(3)

Define hierarchical security

SPOPS::Secure::Loopback(3)

Security object implementation for testing (loopback) objects

Security::TLSCheck(3)

Application for checking server's TLS capability

Security::TLSCheck::App(3)

-- CLI part of TLS check application

Security::TLSCheck::App::DomainFilter(3)

-- change wrong domain names into correct ones, if possible

Security::TLSCheck::App::Parallel(3)

-- run everything in parallel

Security::TLSCheck::Checks(3)

Base class for all checks

Security::TLSCheck::Checks::AgeDE(3)

Checks, if a host has an age-de.xml file

Security::TLSCheck::Checks::CipherStrength(3)

Check Strength of CipherSuites and SSL/TLS Version

Security::TLSCheck::Checks::CipherStrengthOnlyValidCerts(3)

Check Strength of CipherSuites and SSL/TLS Version, but only for domains with valid certficates

Security::TLSCheck::Checks::DNS(3)

Basic DNS Checks

Security::TLSCheck::Checks::Dummy(3)

Simple dummy check as example

Security::TLSCheck::Checks::FinalScore(3)

Creates a summary score out of the other tests

Security::TLSCheck::Checks::Heartbleed(3)

Heartbleed checks

Security::TLSCheck::Checks::Helper::MX(3)

Get all MX, cache if already checked,

Security::TLSCheck::Checks::Helper::Timing(3)

Timing helpers for run_check

Security::TLSCheck::Checks::Mail(3)

Checks mailservers for TLS capability

Security::TLSCheck::Checks::MailCipherStrength(3)

Checks mailservers for supported CipherSuites

Security::TLSCheck::Checks::Web(3)

(Basic) HTTP and HTTPS Checks

Security::TLSCheck::Result(3)

-- Result storage, aggregation and output

Security::TLSCheck::Result::CSV(3)

-- CSV output role

Servlet::Util::Principal(3)

security principal interface

Sisimai::Lhost::InterScanMSS(3)

bounce mail parser class for "Trend Micro InterScan Messaging Security Suite"

Sisimai::Reason::SecurityError(3)

Bounce reason is "securityerror" or not

VM::EC2::DB::EC2SecurityGroup(3)

An RDS Database EC2 Security Group

VM::EC2::DB::SecurityGroup(3)

An RDS Database Security Group

VM::EC2::DB::SecurityGroup::Membership(3)

An RDS Database Security Group Membership

VM::EC2::DB::VpcSecurityGroup::Membership(3)

An RDS Database VPC Security Group Membership

VM::EC2::Group(3)

Object describing an Amazon EC2 security group name

VM::EC2::Security::CredentialCache(3)

-- Cache credentials respecting expiration time for IAM roles

VM::EC2::Security::Credentials(3)

-- Temporary security credentials for EC2

VM::EC2::Security::FederatedUser(3)

-- Federated user object

VM::EC2::Security::Policy(3)

-- Simple IAM policy generator for EC2

VM::EC2::Security::Token(3)

Temporary security token object

VM::EC2::SecurityGroup(3)

Object describing an Amazon EC2 security group

VM::EC2::SecurityGroup::GroupPermission(3)

Object describing an authorized group within a security group firewall rule

VM::EC2::SecurityGroup::IpPermission(3)

Object describing a firewall rule in an EC2 security group

ZoneMinder::Control::PSIA(3)

Perl module for cameras implementing the PSIA (Physical Security Interoperability Alliance), IP Media Devices API specification

certbot(1)

certbot script documentation 0.0 3.5 C usage: certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ... Certbot can obtain and install HTTPS/TLS/SSL certificates. By default, it will attempt to use a webserver both for obtaining and installing the certificate. The most common SUBCOMMANDS and flags are: obtain, install, and renew certificates: (default) run Obtain & install a certificate in your current webserver certonly Obtain or renew a certificate, but do not install it renew Renew all previously obtained certificates that are near expiry enhance Add security enhancements to your existing configuration -d DOMAINS Comma-separated list of domains to obtain a certificate for --apache Use the Apache plugin for authentication & installation --standalone Run a standalone webserver for authentication --nginx Use the Nginx plugin for authentication & installation --webroot Place files in a server(aqs webroot folder for authentication --manual Obtain certificates interactively, or using shell script hooks -n Run non-interactively --test-cert Obtain a test certificate from a staging server --dry-run Test "renew" or "certonly" without saving any certificates to disk manage certificates: certificates Display information about certificates you have from Certbot revoke Revoke a certificate (supply --cert-name or --cert-path) delete Delete a certificate (supply --cert-name) manage your account: register Create an ACME account unregister Deactivate an ACME account update_account Update an ACME account show_account Display account details --agree-tos Agree to the ACME server(aqs Subscriber Agreement -m EMAIL Email address for important account notifications options: -h, --help show this help message and exit -c CONFIG_FILE, --config CONFIG_FILE path to config file (default: /etc/letsencrypt/cli.ini and ~/.config/letsencrypt/cli.ini) -v, --verbose This flag can be used multiple times to incrementally increase the verbosity of output, e.g. -vvv. (default: 0) --max-log-backups MAX_LOG_BACKUPS Specifies the maximum number of backup logs that should be kept by Certbot(aqs built in log rotation. Setting this flag to 0 disables log rotation entirely, causing Certbot to always append to the same log file. (default: 1000) -n, --non-interactive, --noninteractive Run without ever asking for user input. This may require additional command line flags; the client will try to explain which ones are required if it finds one missing (default: False) --force-interactive Force Certbot to be interactive even if it detects it(aqs not being run in a terminal. This flag cannot be used with the renew subcommand. (default: False) -d DOMAIN, --domains DOMAIN, --domain DOMAIN Domain names to apply. For multiple domains you can use multiple -d flags or enter a comma separated list of domains as a parameter. The first domain provided will be the subject CN of the certificate, and all domains will be Subject Alternative Names on the certificate. The first domain will also be used in some software user interfaces and as the file paths for the certificate and related material unless otherwise specified or you already have a certificate with the same name. In the case of a name collision it will append a number like 0001 to the file path name. (default: Ask) --eab-kid EAB_KID Key Identifier for External Account Binding (default: None) --eab-hmac-key EAB_HMAC_KEY HMAC key for External Account Binding (default: None) --cert-name CERTNAME Certificate name to apply. This name is used by Certbot for housekeeping and in file paths; it doesn(aqt affect the content of the certificate itself. To see certificate names, run (aqcertbot certificates(aq. When creating a new certificate, specifies the new certificate(aqs name. (default: the first provided domain or the name of an existing certificate on your system for the same domains) --dry-run Perform a test run of the client, obtaining test (invalid) certificates but not saving them to disk. This can currently only be used with the (aqcertonly(aq and (aqrenew(aq subcommands. Note: Although --dry-run tries to avoid making any persistent changes on a system, it is not completely side-effect free: if used with webserver authenticator plugins like apache and nginx, it makes and then reverts temporary config changes in order to obtain test certificates, and reloads webservers to deploy and then roll back those changes. It also calls --pre-hook and --post-hook commands if they are defined because they may be necessary to accurately simulate renewal. --deploy- hook commands are not called. (default: False) --debug-challenges After setting up challenges, wait for user input before submitting to CA. When used in combination with the (ga-v(ga option, the challenge URLs or FQDNs and their expected return values are shown. (default: False) --preferred-chain PREFERRED_CHAIN Set the preferred certificate chain. If the CA offers multiple certificate chains, prefer the chain whose topmost certificate was issued from this Subject Common Name. If no match, the default offered chain will be used. (default: None) --preferred-challenges PREF_CHALLS A sorted, comma delimited list of the preferred challenge to use during authorization with the most preferred challenge listed first (Eg, "dns" or "http,dns"). Not all plugins support all challenges. See https://certbot.eff.org/docs/using.html#plugins for details. ACME Challenges are versioned, but if you pick "http" rather than "http-01", Certbot will select the latest version automatically. (default: []) --issuance-timeout ISSUANCE_TIMEOUT This option specifies how long (in seconds) Certbot will wait for the server to issue a certificate. (default: 90) --user-agent USER_AGENT Set a custom user agent string for the client. User agent strings allow the CA to collect high level statistics about success rates by OS, plugin and use case, and to know when to deprecate support for past Python versions and flags. If you wish to hide this information from the Let(aqs Encrypt server, set this to "". (default: CertbotACMEClient/2.0.0 (certbot; OS_NAME OS_VERSION) Authenticator/XXX Installer/YYY (SUBCOMMAND; flags: FLAGS) Py/major.minor.patchlevel). The flags encoded in the user agent are: --duplicate, --force-renew, --allow-subset-of-names, -n, and whether any hooks are set. --user-agent-comment USER_AGENT_COMMENT Add a comment to the default user agent string. May be used when repackaging Certbot or calling it from another tool to allow additional statistical data to be collected. Ignored if --user-agent is set. (Example: Foo-Wrapper/1.0) (default: None) automation: Flags for automating execution & other tweaks --keep-until-expiring, --keep, --reinstall If the requested certificate matches an existing certificate, always keep the existing one until it is due for renewal (for the (aqrun(aq subcommand this means reinstall the existing certificate). (default: Ask) --expand If an existing certificate is a strict subset of the requested names, always expand and replace it with the additional names. (default: Ask) --version show program(aqs version number and exit --force-renewal, --renew-by-default If a certificate already exists for the requested domains, renew it now, regardless of whether it is near expiry. (Often --keep-until-expiring is more appropriate). Also implies --expand. (default: False) --renew-with-new-domains If a certificate already exists for the requested certificate name but does not match the requested domains, renew it now, regardless of whether it is near expiry. (default: False) --reuse-key When renewing, use the same private key as the existing certificate. (default: False) --no-reuse-key When renewing, do not use the same private key as the existing certificate. Not reusing private keys is the default behavior of Certbot. This option may be used to unset --reuse-key on an existing certificate. (default: False) --new-key When renewing or replacing a certificate, generate a new private key, even if --reuse-key is set on the existing certificate. Combining --new-key and --reuse- key will result in the private key being replaced and then reused in future renewals. (default: False) --allow-subset-of-names When performing domain validation, do not consider it a failure if authorizations can not be obtained for a strict subset of the requested domains. This may be useful for allowing renewals for multiple domains to succeed even if some domains no longer point at this system. This option cannot be used with --csr. (default: False) --agree-tos Agree to the ACME Subscriber Agreement (default: Ask) --duplicate Allow making a certificate lineage that duplicates an existing one (both can be renewed in parallel) (default: False) -q, --quiet Silence all output except errors. Useful for automation via cron. Implies --non-interactive. (default: False) security: Security parameters & server settings --rsa-key-size N Size of the RSA key. (default: 2048) --key-type {rsa,ecdsa} Type of generated private key. Only *ONE* per invocation can be provided at this time. (default: ecdsa) --elliptic-curve N The SECG elliptic curve name to use. Please see RFC 8446 for supported values. (default: secp256r1) --must-staple Adds the OCSP Must-Staple extension to the certificate. Autoconfigures OCSP Stapling for supported setups (Apache version >= 2.3.3 ). (default: False) --redirect Automatically redirect all HTTP traffic to HTTPS for the newly authenticated vhost. (default: redirect enabled for install and run, disabled for enhance) --no-redirect Do not automatically redirect all HTTP traffic to HTTPS for the newly authenticated vhost. (default: redirect enabled for install and run, disabled for enhance) --hsts Add the Strict-Transport-Security header to every HTTP response. Forcing browser to always use SSL for the domain. Defends against SSL Stripping. (default: None) --uir Add the "Content-Security-Policy: upgrade-insecure- requests" header to every HTTP response. Forcing the browser to use https:// for every http:// resource. (default: None) --staple-ocsp Enables OCSP Stapling. A valid OCSP response is stapled to the certificate that the server offers during TLS. (default: None) --strict-permissions Require that all configuration files are owned by the current user; only needed if your config is somewhere unsafe like /tmp/ (default: False) --auto-hsts Gradually increasing max-age value for HTTP Strict Transport Security security header (default: False) testing: The following flags are meant for testing and integration purposes only. --test-cert, --staging Use the staging server to obtain or revoke test (invalid) certificates; equivalent to --server https://acme-staging-v02.api.letsencrypt.org/directory (default: False) --debug Show tracebacks in case of errors (default: False) --no-verify-ssl Disable verification of the ACME server(aqs certificate. The root certificates trusted by Certbot can be overriden by setting the REQUESTS_CA_BUNDLE environment variable. (default: False) --http-01-port HTTP01_PORT Port used in the http-01 challenge. This only affects the port Certbot listens on. A conforming ACME server will still attempt to connect on port 80. (default: 80) --http-01-address HTTP01_ADDRESS The address the server listens to during http-01 challenge. (default: ) --https-port HTTPS_PORT Port used to serve HTTPS. This affects which port Nginx will listen on after a LE certificate is installed. (default: 443) --break-my-certs Be willing to replace or renew valid certificates with invalid (testing/staging) certificates (default: False) paths: Flags for changing execution paths & servers --cert-path CERT_PATH Path to where certificate is saved (with certonly --csr), installed from, or revoked (default: None) --key-path KEY_PATH Path to private key for certificate installation or revocation (if account key is missing) (default: None) --fullchain-path FULLCHAIN_PATH Accompanying path to a full certificate chain (certificate plus chain). (default: None) --chain-path CHAIN_PATH Accompanying path to a certificate chain. (default: None) --config-dir CONFIG_DIR Configuration directory. (default: /etc/letsencrypt) --work-dir WORK_DIR Working directory. (default: /var/lib/letsencrypt) --logs-dir LOGS_DIR Logs directory. (default: /var/log/letsencrypt) --server SERVER ACME Directory Resource URI. (default: https://acme-v02.api.letsencrypt.org/directory) manage: Various subcommands and flags are available for managing your certificates: certificates List certificates managed by Certbot delete Clean up all files related to a certificate renew Renew all certificates (or one specified with --cert- name) revoke Revoke a certificate specified with --cert-path or --cert-name update_symlinks Recreate symlinks in your /etc/letsencrypt/live/ directory run: Options for obtaining & installing certificates certonly: Options for modifying how a certificate is obtained --csr CSR Path to a Certificate Signing Request (CSR) in DER or PEM format. Currently --csr only works with the (aqcertonly(aq subcommand. (default: None) renew: The (aqrenew(aq subcommand will attempt to renew any certificates previously obtained if they are close to expiry, and print a summary of the results. By default, (aqrenew(aq will reuse the plugins and options used to obtain or most recently renew each certificate. You can test whether future renewals will succeed with (ga--dry-run(ga. Individual certificates can be renewed with the (ga--cert-name(ga option. Hooks are available to run commands before and after renewal; see https://certbot.eff.org/docs/using.html#renewal for more information on these. --pre-hook PRE_HOOK Command to be run in a shell before obtaining any certificates. Intended primarily for renewal, where it can be used to temporarily shut down a webserver that might conflict with the standalone plugin. This will only be called if a certificate is actually to be obtained/renewed. When renewing several certificates that have identical pre-hooks, only the first will be executed. (default: None) --post-hook POST_HOOK Command to be run in a shell after attempting to obtain/renew certificates. Can be used to deploy renewed certificates, or to restart any servers that were stopped by --pre-hook. This is only run if an attempt was made to obtain/renew a certificate. If multiple renewed certificates have identical post- hooks, only one will be run. (default: None) --deploy-hook DEPLOY_HOOK Command to be run in a shell once for each successfully issued certificate. For this command, the shell variable $RENEWED_LINEAGE will point to the config live subdirectory (for example, "/etc/letsencrypt/live/example.com") containing the new certificates and keys; the shell variable $RENEWED_DOMAINS will contain a space-delimited list of renewed certificate domains (for example, "example.com www.example.com") (default: None) --disable-hook-validation Ordinarily the commands specified for --pre- hook/--post-hook/--deploy-hook will be checked for validity, to see if the programs being run are in the $PATH, so that mistakes can be caught early, even when the hooks aren(aqt being run just yet. The validation is rather simplistic and fails if you use more advanced shell constructs, so you can use this switch to disable it. (default: False) --no-directory-hooks Disable running executables found in Certbot(aqs hook directories during renewal. (default: False) --disable-renew-updates Disable automatic updates to your server configuration that would otherwise be done by the selected installer plugin, and triggered when the user executes "certbot renew", regardless of if the certificate is renewed. This setting does not apply to important TLS configuration updates. (default: False) --no-autorenew Disable auto renewal of certificates. (default: False) certificates: List certificates managed by Certbot delete: Options for deleting a certificate revoke: Options for revocation of certificates --reason {unspecified,keycompromise,affiliationchanged,superseded,cessationofoperation} Specify reason for revoking certificate. (default: unspecified) --delete-after-revoke Delete certificates after revoking them, along with all previous and later versions of those certificates. (default: None) --no-delete-after-revoke Do not delete certificates after revoking them. This option should be used with caution because the (aqrenew(aq subcommand will attempt to renew undeleted revoked certificates. (default: None) register: Options for account registration --register-unsafely-without-email Specifying this flag enables registering an account with no email address. This is strongly discouraged, because you will be unable to receive notice about impending expiration or revocation of your certificates or problems with your Certbot installation that will lead to failure to renew. (default: False) -m EMAIL, --email EMAIL Email used for registration and recovery contact. Use comma to register multiple emails, ex: u1@example.com,u2@example.com. (default: Ask). --eff-email Share your e-mail address with EFF (default: None) --no-eff-email Don(aqt share your e-mail address with EFF (default: None) update_account: Options for account modification unregister: Options for account deactivation. --account ACCOUNT_ID Account ID to use (default: None) install: Options for modifying how a certificate is deployed rollback: Options for rolling back server configuration changes --checkpoints N Revert configuration N number of checkpoints. (default: 1) plugins: Options for the "plugins" subcommand --init Initialize plugins. (default: False) --prepare Initialize and prepare plugins. (default: False) --authenticators Limit to authenticator plugins only. (default: None) --installers Limit to installer plugins only. (default: None) update_symlinks: Recreates certificate and key symlinks in /etc/letsencrypt/live, if you changed them by hand or edited a renewal configuration file enhance: Helps to harden the TLS configuration by adding security enhancements to already existing configuration. show_account: Options useful for the "show_account" subcommand: plugins: Plugin Selection: Certbot client supports an extensible plugins architecture. See (aqcertbot plugins(aq for a list of all installed plugins and their names. You can force a particular plugin by setting options provided below. Running --help <plugin_name> will list flags specific to that plugin. --configurator CONFIGURATOR Name of the plugin that is both an authenticator and an installer. Should not be used together with --authenticator or --installer. (default: Ask) -a AUTHENTICATOR, --authenticator AUTHENTICATOR Authenticator plugin name. (default: None) -i INSTALLER, --installer INSTALLER Installer plugin name (also used to find domains). (default: None) --apache Obtain and install certificates using Apache (default: False) --nginx Obtain and install certificates using Nginx (default: False) --standalone Obtain certificates using a "standalone" webserver. (default: False) --manual Provide laborious manual instructions for obtaining a certificate (default: False) --webroot Obtain certificates by placing files in a webroot directory. (default: False) --dns-cloudflare Obtain certificates using a DNS TXT record (if you are using Cloudflare for DNS). (default: False) --dns-digitalocean Obtain certificates using a DNS TXT record (if you are using DigitalOcean for DNS). (default: False) --dns-dnsimple Obtain certificates using a DNS TXT record (if you are using DNSimple for DNS). (default: False) --dns-dnsmadeeasy Obtain certificates using a DNS TXT record (if you are using DNS Made Easy for DNS). (default: False) --dns-gehirn Obtain certificates using a DNS TXT record (if you are using Gehirn Infrastructure Service for DNS). (default: False) --dns-google Obtain certificates using a DNS TXT record (if you are using Google Cloud DNS). (default: False) --dns-linode Obtain certificates using a DNS TXT record (if you are using Linode for DNS). (default: False) --dns-luadns Obtain certificates using a DNS TXT record (if you are using LuaDNS for DNS). (default: False) --dns-nsone Obtain certificates using a DNS TXT record (if you are using NS1 for DNS). (default: False) --dns-ovh Obtain certificates using a DNS TXT record (if you are using OVH for DNS). (default: False) --dns-rfc2136 Obtain certificates using a DNS TXT record (if you are using BIND for DNS). (default: False) --dns-route53 Obtain certificates using a DNS TXT record (if you are using Route53 for DNS). (default: False) --dns-sakuracloud Obtain certificates using a DNS TXT record (if you are using Sakura Cloud for DNS). (default: False) apache: Apache Web Server plugin (Please note that the default values of the Apache plugin options change depending on the operating system Certbot is run on.) --apache-enmod APACHE_ENMOD Path to the Apache (aqa2enmod(aq binary (default: None) --apache-dismod APACHE_DISMOD Path to the Apache (aqa2dismod(aq binary (default: None) --apache-le-vhost-ext APACHE_LE_VHOST_EXT SSL vhost configuration extension (default: -le- ssl.conf) --apache-server-root APACHE_SERVER_ROOT Apache server root directory (default: /etc/apache2) --apache-vhost-root APACHE_VHOST_ROOT Apache server VirtualHost configuration root (default: None) --apache-logs-root APACHE_LOGS_ROOT Apache server logs directory (default: /var/log/apache2) --apache-challenge-location APACHE_CHALLENGE_LOCATION Directory path for challenge configuration (default: /etc/apache2) --apache-handle-modules APACHE_HANDLE_MODULES Let installer handle enabling required modules for you (Only Ubuntu/Debian currently) (default: False) --apache-handle-sites APACHE_HANDLE_SITES Let installer handle enabling sites for you (Only Ubuntu/Debian currently) (default: False) --apache-ctl APACHE_CTL Full path to Apache control script (default: apache2ctl) --apache-bin APACHE_BIN Full path to apache2/httpd binary (default: None) dns-cloudflare: Obtain certificates using a DNS TXT record (if you are using Cloudflare for DNS). --dns-cloudflare-propagation-seconds DNS_CLOUDFLARE_PROPAGATION_SECONDS The number of seconds to wait for DNS to propagate before asking the ACME server to verify the DNS record. (default: 10) --dns-cloudflare-credentials DNS_CLOUDFLARE_CREDENTIALS Cloudflare credentials INI file. (default: None) dns-digitalocean: Obtain certificates using a DNS TXT record (if you are using DigitalOcean for DNS). --dns-digitalocean-propagation-seconds DNS_DIGITALOCEAN_PROPAGATION_SECONDS The number of seconds to wait for DNS to propagate before asking the ACME server to verify the DNS record. (default: 10) --dns-digitalocean-credentials DNS_DIGITALOCEAN_CREDENTIALS DigitalOcean credentials INI file. (default: None) dns-dnsimple: Obtain certificates using a DNS TXT record (if you are using DNSimple for DNS). --dns-dnsimple-propagation-seconds DNS_DNSIMPLE_PROPAGATION_SECONDS The number of seconds to wait for DNS to propagate before asking the ACME server to verify the DNS record. (default: 30) --dns-dnsimple-credentials DNS_DNSIMPLE_CREDENTIALS DNSimple credentials INI file. (default: None) dns-dnsmadeeasy: Obtain certificates using a DNS TXT record (if you are using DNS Made Easy for DNS). --dns-dnsmadeeasy-propagation-seconds DNS_DNSMADEEASY_PROPAGATION_SECONDS The number of seconds to wait for DNS to propagate before asking the ACME server to verify the DNS record. (default: 60) --dns-dnsmadeeasy-credentials DNS_DNSMADEEASY_CREDENTIALS DNS Made Easy credentials INI file. (default: None) dns-gehirn: Obtain certificates using a DNS TXT record (if you are using Gehirn Infrastructure Service for DNS). --dns-gehirn-propagation-seconds DNS_GEHIRN_PROPAGATION_SECONDS The number of seconds to wait for DNS to propagate before asking the ACME server to verify the DNS record. (default: 30) --dns-gehirn-credentials DNS_GEHIRN_CREDENTIALS Gehirn Infrastructure Service credentials file. (default: None) dns-google: Obtain certificates using a DNS TXT record (if you are using Google Cloud DNS for DNS). --dns-google-propagation-seconds DNS_GOOGLE_PROPAGATION_SECONDS The number of seconds to wait for DNS to propagate before asking the ACME server to verify the DNS record. (default: 60) --dns-google-credentials DNS_GOOGLE_CREDENTIALS Path to Google Cloud DNS service account JSON file. (See https://developers.google.com/identity/protocols/ OAuth2ServiceAccount#creatinganaccount forinformation about creating a service account and https://cloud.google.com/dns/access- control#permissions_and_roles for information about therequired permissions.) (default: None) dns-linode: Obtain certificates using a DNS TXT record (if you are using Linode for DNS). --dns-linode-propagation-seconds DNS_LINODE_PROPAGATION_SECONDS The number of seconds to wait for DNS to propagate before asking the ACME server to verify the DNS record. (default: 120) --dns-linode-credentials DNS_LINODE_CREDENTIALS Linode credentials INI file. (default: None) dns-luadns: Obtain certificates using a DNS TXT record (if you are using LuaDNS for DNS). --dns-luadns-propagation-seconds DNS_LUADNS_PROPAGATION_SECONDS The number of seconds to wait for DNS to propagate before asking the ACME server to verify the DNS record. (default: 30) --dns-luadns-credentials DNS_LUADNS_CREDENTIALS LuaDNS credentials INI file. (default: None) dns-nsone: Obtain certificates using a DNS TXT record (if you are using NS1 for DNS). --dns-nsone-propagation-seconds DNS_NSONE_PROPAGATION_SECONDS The number of seconds to wait for DNS to propagate before asking the ACME server to verify the DNS record. (default: 30) --dns-nsone-credentials DNS_NSONE_CREDENTIALS NS1 credentials file. (default: None) dns-ovh: Obtain certificates using a DNS TXT record (if you are using OVH for DNS). --dns-ovh-propagation-seconds DNS_OVH_PROPAGATION_SECONDS The number of seconds to wait for DNS to propagate before asking the ACME server to verify the DNS record. (default: 120) --dns-ovh-credentials DNS_OVH_CREDENTIALS OVH credentials INI file. (default: None) dns-rfc2136: Obtain certificates using a DNS TXT record (if you are using BIND for DNS). --dns-rfc2136-propagation-seconds DNS_RFC2136_PROPAGATION_SECONDS The number of seconds to wait for DNS to propagate before asking the ACME server to verify the DNS record. (default: 60) --dns-rfc2136-credentials DNS_RFC2136_CREDENTIALS RFC 2136 credentials INI file. (default: None) dns-route53: Obtain certificates using a DNS TXT record (if you are using AWS Route53 for DNS). --dns-route53-propagation-seconds DNS_ROUTE53_PROPAGATION_SECONDS The number of seconds to wait for DNS to propagate before asking the ACME server to verify the DNS record. (default: 10) dns-sakuracloud: Obtain certificates using a DNS TXT record (if you are using Sakura Cloud for DNS). --dns-sakuracloud-propagation-seconds DNS_SAKURACLOUD_PROPAGATION_SECONDS The number of seconds to wait for DNS to propagate before asking the ACME server to verify the DNS record. (default: 90) --dns-sakuracloud-credentials DNS_SAKURACLOUD_CREDENTIALS Sakura Cloud credentials file. (default: None) manual: Authenticate through manual configuration or custom shell scripts. When using shell scripts, an authenticator script must be provided. The environment variables available to this script depend on the type of challenge. $CERTBOT_DOMAIN will always contain the domain being authenticated. For HTTP-01 and DNS-01, $CERTBOT_VALIDATION is the validation string, and $CERTBOT_TOKEN is the filename of the resource requested when performing an HTTP-01 challenge. An additional cleanup script can also be provided and can use the additional variable $CERTBOT_AUTH_OUTPUT which contains the stdout output from the auth script. For both authenticator and cleanup script, on HTTP-01 and DNS-01 challenges, $CERTBOT_REMAINING_CHALLENGES will be equal to the number of challenges that remain after the current one, and $CERTBOT_ALL_DOMAINS contains a comma-separated list of all domains that are challenged for the current certificate. --manual-auth-hook MANUAL_AUTH_HOOK Path or command to execute for the authentication script (default: None) --manual-cleanup-hook MANUAL_CLEANUP_HOOK Path or command to execute for the cleanup script (default: None) nginx: Nginx Web Server plugin --nginx-server-root NGINX_SERVER_ROOT Nginx server root directory. (default: /etc/nginx or /usr/local/etc/nginx) --nginx-ctl NGINX_CTL Path to the (aqnginx(aq binary, used for (aqconfigtest(aq and retrieving nginx version number. (default: nginx) --nginx-sleep-seconds NGINX_SLEEP_SECONDS Number of seconds to wait for nginx configuration changes to apply when reloading. (default: 1) null: Null Installer standalone: Spin up a temporary webserver webroot: Place files in webroot directory --webroot-path WEBROOT_PATH, -w WEBROOT_PATH public_html / webroot path. This can be specified multiple times to handle different domains; each domain will have the webroot path that preceded it. For instance: (ga-w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.net -d m.thing.net(ga (default: Ask) --webroot-map WEBROOT_MAP JSON dictionary mapping domains to webroot paths; this implies -d for each entry. You may need to escape this from your shell. E.g.: --webroot-map (aq{"eg1.is,m.eg1.is":"/www/eg1/", "eg2.is":"/www/eg2"}(aq This option is merged with, but takes precedence over, -w / -d entries. At present, if you put webroot-map in a config file, it needs to be on a single line, like: webroot-map = {"example.com":"/var/www"}. (default: {}) P

greenbone-nvt-sync(8)

updates the OpenVAS NVTs from Greenbone Security Feed or Community Feed

gsad(8)

Greenbone Security Assistant of the Greenbone Vulnerability Management

hyperhotp(1)

program hyperFIDO USB security key HOTP feature

kitty.conf(5)

kitty.conf Documentation kitty is highly customizable, everything from keyboard shortcuts, to rendering frames-per-second. See below for an overview of all customization possibilities. You can open the config file within kitty by pressing %ctrl+shift+f2 (⌘+, on macOS). A kitty.conf with commented default configurations and descriptions will be created if the file does not exist. You can reload the config file within kitty by pressing %ctrl+shift+f5 (⌃+⌘+, on macOS) or sending kitty the SIGUSR1 signal. You can also display the current configuration by pressing %ctrl+shift+f6 (⌥+⌘+, on macOS). kitty looks for a config file in the OS config directories (usually ~/.config/kitty/kitty.conf) but you can pass a specific path via the %kitty --config option or use the %KITTY_CONFIG_DIRECTORY environment variable. See %kitty --config for full details. Comments can be added to the config file as lines starting with the # character. This works only if the # character is the first character in the line. You can include secondary config files via the include directive. If you use a relative path for include, it is resolved with respect to the location of the current config file. Note that environment variables are expanded, so ${USER}.conf becomes name.conf if USER=name. Also, you can use globinclude to include files matching a shell glob pattern and envinclude to include configuration from environment variables. For example: 0.0 3.5 C include other.conf # Include *.conf files from all subdirs of kitty.d inside the kitty config dir globinclude kitty.d/**/*.conf # Include the *contents* of all env vars starting with KITTY_CONF_ envinclude KITTY_CONF_* P NOTE: 0.0 3.5 Syntax highlighting for kitty.conf in vim is available via %vim-kitty. kitty has very powerful font management. You can configure individual font faces and even specify special fonts for particular characters. 0.0 font_family, bold_font, italic_font, bold_italic_font 0.0 3.5 C font_family monospace bold_font auto italic_font auto bold_italic_font auto P You can specify different fonts for the bold/italic/bold-italic variants. To get a full list of supported fonts use the kitty +list-fonts command. By default they are derived automatically, by the OSes font system. When %bold_font or %bold_italic_font is set to auto on macOS, the priority of bold fonts is semi-bold, bold, heavy. Setting them manually is useful for font families that have many weight variants like Book, Medium, Thick, etc. For example: 0.0 3.5 C font_family Operator Mono Book bold_font Operator Mono Medium italic_font Operator Mono Book Italic bold_italic_font Operator Mono Medium Italic P 0.0 font_size 0.0 3.5 C font_size 11.0 P Font size (in pts) 0.0 force_ltr 0.0 3.5 C force_ltr no P kitty does not support BIDI (bidirectional text), however, for RTL scripts, words are automatically displayed in RTL. That is to say, in an RTL script, the words (dqHELLO WORLD(dq display in kitty as (dqWORLD HELLO(dq, and if you try to select a substring of an RTL-shaped string, you will get the character that would be there had the the string been LTR. For example, assuming the Hebrew word ירושלים, selecting the character that on the screen appears to be ם actually writes into the selection buffer the character י. kitty(aqs default behavior is useful in conjunction with a filter to reverse the word order, however, if you wish to manipulate RTL glyphs, it can be very challenging to work with, so this option is provided to turn it off. Furthermore, this option can be used with the command line program %GNU FriBidi to get BIDI support, because it will force kitty to always treat the text as LTR, which FriBidi expects for terminals. 0.0 symbol_map 0.0 3.5 C symbol_map U+E0A0-U+E0A3,U+E0C0-U+E0C7 PowerlineSymbols P Map the specified Unicode codepoints to a particular font. Useful if you need special rendering for some symbols, such as for Powerline. Avoids the need for patched fonts. Each Unicode code point is specified in the form U+<code point in hexadecimal>. You can specify multiple code points, separated by commas and ranges separated by hyphens. This option can be specified multiple times. The syntax is: 0.0 3.5 C symbol_map codepoints Font Family Name P 0.0 narrow_symbols 0.0 3.5 C narrow_symbols U+E0A0-U+E0A3,U+E0C0-U+E0C7 1 P Usually, for Private Use Unicode characters and some symbol/dingbat characters, if the character is followed by one or more spaces, kitty will use those extra cells to render the character larger, if the character in the font has a wide aspect ratio. Using this option you can force kitty to restrict the specified code points to render in the specified number of cells (defaulting to one cell). This option can be specified multiple times. The syntax is: 0.0 3.5 C narrow_symbols codepoints [optionally the number of cells] P 0.0 disable_ligatures 0.0 3.5 C disable_ligatures never P Choose how you want to handle multi-character ligatures. The default is to always render them. You can tell kitty to not render them when the cursor is over them by using cursor to make editing easier, or have kitty never render them at all by using always, if you don(aqt like them. The ligature strategy can be set per-window either using the kitty remote control facility or by defining shortcuts for it in kitty.conf, for example: 0.0 3.5 C map alt+1 disable_ligatures_in active always map alt+2 disable_ligatures_in all never map alt+3 disable_ligatures_in tab cursor P Note that this refers to programming ligatures, typically implemented using the calt OpenType feature. For disabling general ligatures, use the %font_features option. 0.0 font_features 0.0 3.5 C font_features none P Choose exactly which OpenType features to enable or disable. This is useful as some fonts might have features worthwhile in a terminal. For example, Fira Code includes a discretionary feature, zero, which in that font changes the appearance of the zero (0), to make it more easily distinguishable from Ø. Fira Code also includes other discretionary features known as Stylistic Sets which have the tags ss01 through ss20. For the exact syntax to use for individual features, see the %HarfBuzz documentation. Note that this code is indexed by PostScript name, and not the font family. This allows you to define very precise feature settings; e.g. you can disable a feature in the italic font but not in the regular font. On Linux, font features are first read from the FontConfig database and then this option is applied, so they can be configured in a single, central place. To get the PostScript name for a font, use kitty +list-fonts --psnames: 0.0 3.5 C $ kitty +list-fonts --psnames | grep Fira Fira Code Fira Code Bold (FiraCode-Bold) Fira Code Light (FiraCode-Light) Fira Code Medium (FiraCode-Medium) Fira Code Regular (FiraCode-Regular) Fira Code Retina (FiraCode-Retina) P The part in brackets is the PostScript name. Enable alternate zero and oldstyle numerals: 0.0 3.5 C font_features FiraCode-Retina +zero +onum P Enable only alternate zero in the bold font: 0.0 3.5 C font_features FiraCode-Bold +zero P Disable the normal ligatures, but keep the calt feature which (in this font) breaks up monotony: 0.0 3.5 C font_features TT2020StyleB-Regular -liga +calt P In conjunction with %force_ltr, you may want to disable Arabic shaping entirely, and only look at their isolated forms if they show up in a document. You can do this with e.g.: 0.0 3.5 C font_features UnifontMedium +isol -medi -fina -init P 0.0 modify_font 0.0 3.5 C modify_font P Modify font characteristics such as the position or thickness of the underline and strikethrough. The modifications can have the suffix px for pixels or % for percentage of original value. No suffix means use pts. For example: 0.0 3.5 C modify_font underline_position -2 modify_font underline_thickness 150% modify_font strikethrough_position 2px P Additionally, you can modify the size of the cell in which each font glyph is rendered and the baseline at which the glyph is placed in the cell. For example: 0.0 3.5 C modify_font cell_width 80% modify_font cell_height -2px modify_font baseline 3 P Note that modifying the baseline will automatically adjust the underline and strikethrough positions by the same amount. Increasing the baseline raises glyphs inside the cell and decreasing it lowers them. Decreasing the cell size might cause rendering artifacts, so use with care. 0.0 box_drawing_scale 0.0 3.5 C box_drawing_scale 0.001, 1, 1.5, 2 P The sizes of the lines used for the box drawing Unicode characters. These values are in pts. They will be scaled by the monitor DPI to arrive at a pixel value. There must be four values corresponding to thin, normal, thick, and very thick lines. 0.0 cursor 0.0 3.5 C cursor #cccccc P Default cursor color. If set to the special value none the cursor will be rendered with a (dqreverse video(dq effect. It(aqs color will be the color of the text in the cell it is over and the text will be rendered with the background color of the cell. Note that if the program running in the terminal sets a cursor color, this takes precedence. Also, the cursor colors are modified if the cell background and foreground colors have very low contrast. 0.0 cursor_text_color 0.0 3.5 C cursor_text_color #111111 P The color of text under the cursor. If you want it rendered with the background color of the cell underneath instead, use the special keyword: background. Note that if %cursor is set to none then this option is ignored. 0.0 cursor_shape 0.0 3.5 C cursor_shape block P The cursor shape can be one of block, beam, underline. Note that when reloading the config this will be changed only if the cursor shape has not been set by the program running in the terminal. This sets the default cursor shape, applications running in the terminal can override it. In particular, %shell integration in kitty sets the cursor shape to beam at shell prompts. You can avoid this by setting %shell_integration to no-cursor. 0.0 cursor_beam_thickness 0.0 3.5 C cursor_beam_thickness 1.5 P The thickness of the beam cursor (in pts). 0.0 cursor_underline_thickness 0.0 3.5 C cursor_underline_thickness 2.0 P The thickness of the underline cursor (in pts). 0.0 cursor_blink_interval 0.0 3.5 C cursor_blink_interval -1 P The interval to blink the cursor (in seconds). Set to zero to disable blinking. Negative values mean use system default. Note that the minimum interval will be limited to %repaint_delay. 0.0 cursor_stop_blinking_after 0.0 3.5 C cursor_stop_blinking_after 15.0 P Stop blinking cursor after the specified number of seconds of keyboard inactivity. Set to zero to never stop blinking. 0.0 scrollback_lines 0.0 3.5 C scrollback_lines 2000 P Number of lines of history to keep in memory for scrolling back. Memory is allocated on demand. Negative numbers are (effectively) infinite scrollback. Note that using very large scrollback is not recommended as it can slow down performance of the terminal and also use large amounts of RAM. Instead, consider using %scrollback_pager_history_size. Note that on config reload if this is changed it will only affect newly created windows, not existing ones. 0.0 scrollback_pager 0.0 3.5 C scrollback_pager less --chop-long-lines --RAW-CONTROL-CHARS +INPUT_LINE_NUMBER P Program with which to view scrollback in a new window. The scrollback buffer is passed as STDIN to this program. If you change it, make sure the program you use can handle ANSI escape sequences for colors and text formatting. INPUT_LINE_NUMBER in the command line above will be replaced by an integer representing which line should be at the top of the screen. Similarly CURSOR_LINE and CURSOR_COLUMN will be replaced by the current cursor position or set to 0 if there is no cursor, for example, when showing the last command output. 0.0 scrollback_pager_history_size 0.0 3.5 C scrollback_pager_history_size 0 P Separate scrollback history size (in MB), used only for browsing the scrollback buffer with pager. This separate buffer is not available for interactive scrolling but will be piped to the pager program when viewing scrollback buffer in a separate window. The current implementation stores the data in UTF-8, so approximatively 10000 lines per megabyte at 100 chars per line, for pure ASCII, unformatted text. A value of zero or less disables this feature. The maximum allowed size is 4GB. Note that on config reload if this is changed it will only affect newly created windows, not existing ones. 0.0 scrollback_fill_enlarged_window 0.0 3.5 C scrollback_fill_enlarged_window no P Fill new space with lines from the scrollback buffer after enlarging a window. 0.0 wheel_scroll_multiplier 0.0 3.5 C wheel_scroll_multiplier 5.0 P Multiplier for the number of lines scrolled by the mouse wheel. Note that this is only used for low precision scrolling devices, not for high precision scrolling devices on platforms such as macOS and Wayland. Use negative numbers to change scroll direction. See also %wheel_scroll_min_lines. 0.0 wheel_scroll_min_lines 0.0 3.5 C wheel_scroll_min_lines 1 P The minimum number of lines scrolled by the mouse wheel. The %scroll multiplier only takes effect after it reaches this number. Note that this is only used for low precision scrolling devices like wheel mice that scroll by very small amounts when using the wheel. With a negative number, the minimum number of lines will always be added. 0.0 touch_scroll_multiplier 0.0 3.5 C touch_scroll_multiplier 1.0 P Multiplier for the number of lines scrolled by a touchpad. Note that this is only used for high precision scrolling devices on platforms such as macOS and Wayland. Use negative numbers to change scroll direction. 0.0 mouse_hide_wait 0.0 3.5 C mouse_hide_wait 3.0 P Hide mouse cursor after the specified number of seconds of the mouse not being used. Set to zero to disable mouse cursor hiding. Set to a negative value to hide the mouse cursor immediately when typing text. Disabled by default on macOS as getting it to work robustly with the ever-changing sea of bugs that is Cocoa is too much effort. 0.0 url_color, url_style 0.0 3.5 C url_color #0087bd url_style curly P The color and style for highlighting URLs on mouse-over. %url_style can be one of: none, straight, double, curly, dotted, dashed. 0.0 open_url_with 0.0 3.5 C open_url_with default P The program to open clicked URLs. The special value default with first look for any URL handlers defined via the %Scripting the mouse click facility and if non are found, it will use the Operating System(aqs default URL handler (open on macOS and xdg-open on Linux). 0.0 url_prefixes 0.0 3.5 C url_prefixes file ftp ftps gemini git gopher http https irc ircs kitty mailto news sftp ssh P The set of URL prefixes to look for when detecting a URL under the mouse cursor. 0.0 detect_urls 0.0 3.5 C detect_urls yes P Detect URLs under the mouse. Detected URLs are highlighted with an underline and the mouse cursor becomes a hand over them. Even if this option is disabled, URLs are still clickable. 0.0 url_excluded_characters 0.0 3.5 C url_excluded_characters P Additional characters to be disallowed from URLs, when detecting URLs under the mouse cursor. By default, all characters that are legal in URLs are allowed. 0.0 copy_on_select 0.0 3.5 C copy_on_select no P Copy to clipboard or a private buffer on select. With this set to clipboard, selecting text with the mouse will cause the text to be copied to clipboard. Useful on platforms such as macOS that do not have the concept of primary selection. You can instead specify a name such as a1 to copy to a private kitty buffer. Map a shortcut with the paste_from_buffer action to paste from this private buffer. For example: 0.0 3.5 C copy_on_select a1 map shift+cmd+v paste_from_buffer a1 P Note that copying to the clipboard is a security risk, as all programs, including websites open in your browser can read the contents of the system clipboard. 0.0 paste_actions 0.0 3.5 C paste_actions quote-urls-at-prompt P A comma separated list of actions to take when pasting text into the terminal. The supported paste actions are: 0.0 quote-urls-at-prompt: If the text being pasted is a URL and the cursor is at a shell prompt, automatically quote the URL (needs %shell_integration). confirm: Confirm the paste if bracketed paste mode is not active or there is more a large amount of text being pasted. filter: Run the filter_paste() function from the file paste-actions.py in the kitty config directory on the pasted text. The text returned by the function will be actually pasted. 0.0 strip_trailing_spaces 0.0 3.5 C strip_trailing_spaces never P Remove spaces at the end of lines when copying to clipboard. A value of smart will do it when using normal selections, but not rectangle selections. A value of always will always do it. 0.0 select_by_word_characters 0.0 3.5 C select_by_word_characters @-./_~?&=%+# P Characters considered part of a word when double clicking. In addition to these characters any character that is marked as an alphanumeric character in the Unicode database will be matched. 0.0 select_by_word_characters_forward 0.0 3.5 C select_by_word_characters_forward P Characters considered part of a word when extending the selection forward on double clicking. In addition to these characters any character that is marked as an alphanumeric character in the Unicode database will be matched. If empty (default) %select_by_word_characters will be used for both directions. 0.0 click_interval 0.0 3.5 C click_interval -1.0 P The interval between successive clicks to detect double/triple clicks (in seconds). Negative numbers will use the system default instead, if available, or fallback to 0.5. 0.0 focus_follows_mouse 0.0 3.5 C focus_follows_mouse no P Set the active window to the window under the mouse when moving the mouse around. 0.0 pointer_shape_when_grabbed 0.0 3.5 C pointer_shape_when_grabbed arrow P The shape of the mouse pointer when the program running in the terminal grabs the mouse. Valid values are: arrow, beam and hand. 0.0 default_pointer_shape 0.0 3.5 C default_pointer_shape beam P The default shape of the mouse pointer. Valid values are: arrow, beam and hand. 0.0 pointer_shape_when_dragging 0.0 3.5 C pointer_shape_when_dragging beam P The default shape of the mouse pointer when dragging across text. Valid values are: arrow, beam and hand

mod_security(3)

Security Audit and Trailing Functionality

mosquitto_ctrl_dynsec(1)

mosquitto_ctrl module for controlling the Mosquitto Dynamic Security plugin

mysql_secure_installation(1)

improve MySQL installation security

netspoc(1), Netspoc(1)

A Network Security Policy Compiler

npm-audit(1)

Run a security audit

perlsec(1)

Perl security

perlsecpolicy(1)

Perl security report handling policy

podofoencrypt(1)

encrypt PDF files and set PDF security settings

snmpkey(1)

Create SNMPv3 security keys for the Net::SNMP module

home | help

---

Legal Notices | © 1995-2023 The FreeBSD Project. All rights reserved.

Contact