FreeBSD Bugzilla – Attachment 16482 Details for
Bug 30203
description of security profiles in FAQ is just plain wrong
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
file.diff
file.diff (text/plain), 6.68 KB, created by
Michael W Lucas
on 2001-08-29 22:10:07 UTC
(
hide
)
Description:
file.diff
Filename:
MIME Type:
Creator:
Michael W Lucas
Created:
2001-08-29 22:10:07 UTC
Size:
6.68 KB
patch
obsolete
>*** book.sgml-dist Wed Aug 29 13:19:01 2001 >--- book.sgml Wed Aug 29 13:44:25 2001 >*************** >*** 2175,2229 **** > </question> > > <answer> >! <para>A <quote>security profile</quote> is a set of configuration >! options that attempts to achieve the desired ratio of security >! to convenience by enabling and disabling certain programs and >! other settings. The more severe the security profile, the less >! programs will be enabled by default; this is one of the basic >! principles of security: do not run anything except what you >! must.</para> >! >! <para>Please note that the security profile is just a default >! setting. All programs can be enabled and disabled after you have >! installed FreeBSD by editing or adding the appropriate line(s) >! to <filename>/etc/rc.conf</filename>. For more information on >! the latter, please see the &man.rc.conf.5; manual page.</para> >! >! <para>Following is a table that describes what each security >! profile does. The columns are the choices you have for a >! security profile, and the rows are the program or feature that >! is enabled or disabled.</para> > > <table> > <title>Possible security profiles</title> > >! <tgroup cols=5> > <thead> > <row> > <entry></entry> > > <entry>Extreme</entry> > >- <entry>High</entry> >- > <entry>Moderate</entry> > >- <entry>Low</entry> > </row> > </thead> > > <tbody> >- <row> >- <entry>&man.inetd.8;</entry> >- >- <entry>NO</entry> >- >- <entry>NO</entry> >- >- <entry>YES</entry> >- >- <entry>YES</entry> >- </row> > > <row> > <entry>&man.sendmail.8;</entry> >--- 2175,2216 ---- > </question> > > <answer> >! <para>A <quote>security profile</quote> is a set of >! configuration options that attempts to achieve the desired >! ratio of security to convenience by enabling and disabling >! certain programs and other settings. The more severe the >! security profile, the fewer programs will be enabled by >! default. This is one of the basic principles of security: >! do not run anything except what you must.</para> >! >! <para>Please note that the security profile is just a >! default setting. All programs can be enabled or disabled >! after you have installed FreeBSD by editing or adding the >! appropriate line(s) to <filename>/etc/rc.conf</filename>. >! For more information, please see the &man.rc.conf.5; >! manual page.</para> >! >! <para>Following is a table that describes what each of the >! security profiles does. The columns are the choices you >! have for a security profile, and the rows are the program >! or feature that the profile enables or disables.</para> > > <table> > <title>Possible security profiles</title> > >! <tgroup cols=3> > <thead> > <row> > <entry></entry> > > <entry>Extreme</entry> > > <entry>Moderate</entry> > > </row> > </thead> > > <tbody> > > <row> > <entry>&man.sendmail.8;</entry> >*************** >*** 2232,2240 **** > > <entry>YES</entry> > >- <entry>YES</entry> >- >- <entry>YES</entry> > </row> > > <row> >--- 2219,2224 ---- >*************** >*** 2244,2252 **** > > <entry>YES</entry> > >- <entry>YES</entry> >- >- <entry>YES</entry> > </row> > > <row> >--- 2228,2233 ---- >*************** >*** 2254,2261 **** > > <entry>NO</entry> > >- <entry>NO</entry> >- > <entry>MAYBE <footnote> > <para>The portmapper is enabled if the machine has been > configured as an NFS client or server earlier in the >--- 2235,2240 ---- >*************** >*** 2263,2269 **** > </footnote> > </entry> > >- <entry>YES</entry> > </row> > > <row> >--- 2242,2247 ---- >*************** >*** 2271,2281 **** > > <entry>NO</entry> > >- <entry>NO</entry> >- > <entry>YES</entry> > >- <entry>YES</entry> > </row> > > <row> >--- 2249,2256 ---- >*************** >*** 2291,2315 **** > </footnote> > </entry> > >- <entry>YES (1)</entry> >- > <entry>NO</entry> > >- <entry>NO</entry> > </row> > </tbody> > </tgroup> > </table> > > <warning> >! <para>The security profile is not a silver bullet! Setting >! it high does not mean you do not have to keep up with security >! issues by reading an appropriate <ulink > url="../handbook/eresources.html#ERESOURCES-MAIL">mailing >! list</ulink>, using good passwords and passphrases, and >! generally adhering to good security practices. It simply >! sets up the desired security to convenience ratio out of >! the box.</para> > </warning> > > <note> >--- 2266,2288 ---- > </footnote> > </entry> > > <entry>NO</entry> > > </row> > </tbody> > </tgroup> > </table> > > <warning> >! <para>The security profile is not a silver bullet! >! Even the extreme setting does not mean you do not >! have to keep up with security issues by reading an >! appropriate <ulink > url="../handbook/eresources.html#ERESOURCES-MAIL">mailing >! list</ulink>, using good passwords and passphrases, >! and generally adhering to good security practices. >! It simply sets up the desired security to convenience >! ratio out of the box.</para> > </warning> > > <note>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=16482">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 30203
: 16482 |
16483