FreeBSD Bugzilla – Attachment 13402 Details for
Bug 25537
[PATCH] Explain security profiles in sysinstall
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
file.diff
file.diff (text/plain), 2.46 KB, created by
dima
on 2001-03-05 06:10:01 UTC
(
hide
)
Description:
file.diff
Filename:
MIME Type:
Creator:
dima
Created:
2001-03-05 06:10:01 UTC
Size:
2.46 KB
patch
obsolete
>--- /dev/null Sun Mar 4 21:34:46 2001 >+++ help/secprofile.hlp Sun Mar 4 21:35:20 2001 >@@ -0,0 +1,47 @@ >+This menu allows you to configure your system's "security profile." A >+security profile is a set of configuration options that attempts to >+achieve the desired ratio of security to convenience by enabling and >+disabling certain programs and other settings. The more severe the >+security profile, the less programs will be enabled by default; this >+is one of the basic principles of security: do not run anything except >+what you must. >+ >+Please note that the security profile is just a default setting. All >+programs can be enabled and disabled later by editing or adding the >+appropriate line(s) to /etc/rc.conf. For more information on the >+latter, please see the rc.conf(5) manual page once you have installed >+FreeBSD. >+ >+Following is a table that describes what each security profile does. >+The columns are the choices you have for a security profile, and the >+rows are the program or feature that is enabled or disabled. >+ >+ Extreme High Moderate Low >+inetd NO NO YES YES >+sendmail NO YES YES YES >+sshd NO YES YES YES >+portmap NO NO [1] YES >+NFS server NO NO YES YES >+securelevel YES (2) [2] YES (1) [2] NO NO >+ >+NOTES: >+ >+[1] The portmapper is enabled if the machine has been configured as an >+ NFS client or server earlier in the installation. >+ >+[2] For Extreme, the securelevel is set to 2; for High, it is set to >+ 1. If you choose either of these, you must be aware of the >+ implications of securelevel. Please read the init(8) manual page and >+ the FAQ, or you may have problems performing such tasks as >+ installing a new kernel, changing the system date, or upgrading to a >+ later version of FreeBSD. >+ >+WARNING: The security profile is not a silver bullet! Setting it high >+does not mean you do not have to keep up with security issues by >+reading an appropriate mailing list (one where the security advisories >+are sent), using good passwords and passphrases, and generally >+adhering to good security practices. It simply sets up the desired >+security to convenience ratio out of the box. >+ >+You can always change any of these settings by editing or adding the >+appropriate line(s) to /etc/rc.conf.
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=13402">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 25537
:
13401
| 13402