Attachment 16483 Details for Bug 30203 – secprof.2

secprof.2

secprof.2 (text/plain; charset=us-ascii), 4.71 KB, created by Michael W Lucas on 2001-08-30 23:22:46 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Michael W Lucas

Created: 2001-08-30 23:22:46 UTC

Size: 4.71 KB

patch

obsolete

>--- book.sgml-dist	Thu Aug 30 11:10:07 2001
>+++ book.sgml-secprof	Thu Aug 30 11:10:03 2001
>@@ -2178,52 +2178,38 @@
>           <para>A <quote>security profile</quote> is a set of configuration
>             options that attempts to achieve the desired ratio of security
>             to convenience by enabling and disabling certain programs and
>-            other settings.  The more severe the security profile, the less
>-            programs will be enabled by default; this is one of the basic
>-            principles of security: do not run anything except what you
>-            must.</para>
>+            other settings.  The more severe the security profile, the fewer
>+            programs will be enabled by
>+            default.  This is one of the basic principles of security:
>+            do not run anything except what you must.</para>
> 
>           <para>Please note that the security profile is just a default
>             setting.  All programs can be enabled and disabled after you have
>             installed FreeBSD by editing or adding the appropriate line(s)
>-            to <filename>/etc/rc.conf</filename>.  For more information on
>-            the latter, please see the &man.rc.conf.5; manual page.</para>
>+            to <filename>/etc/rc.conf</filename>.  For more information,
>+            please see the &man.rc.conf.5; manual page.</para>
> 
>-          <para>Following is a table that describes what each security
>-            profile does.  The columns are the choices you have for a
>-            security profile, and the rows are the program or feature that
>-            is enabled or disabled.</para>
>+          <para>The following table describes what each of the
>+            security profiles does.  The columns are the choices you
>+            have for a security profile, and the rows are the program
>+            or feature that the profile enables or disables.</para>
> 
>           <table>
>             <title>Possible security profiles</title>
> 
>-             <tgroup cols=5>
>+             <tgroup cols=3>
>                <thead>
>                  <row>
>                    <entry></entry>
> 
>                    <entry>Extreme</entry>
> 
>-                   <entry>High</entry>
>-
>                    <entry>Moderate</entry>
> 
>-                   <entry>Low</entry>
>                  </row>
>                </thead>
> 
>                <tbody>
>-                 <row>
>-                   <entry>&man.inetd.8;</entry>
>-
>-                   <entry>NO</entry>
>-
>-                   <entry>NO</entry>
>-
>-                   <entry>YES</entry>
>-
>-                   <entry>YES</entry>
>-                 </row>
> 
>                  <row>
>                    <entry>&man.sendmail.8;</entry>
>@@ -2232,9 +2218,6 @@
> 
>                    <entry>YES</entry>
> 
>-                   <entry>YES</entry>
>-
>-                   <entry>YES</entry>
>                  </row>
> 
>                  <row>
>@@ -2244,9 +2227,6 @@
> 
>                    <entry>YES</entry>
> 
>-                   <entry>YES</entry>
>-
>-                   <entry>YES</entry>
>                  </row>
> 
>                  <row>
>@@ -2254,8 +2234,6 @@
> 
>                    <entry>NO</entry>
> 
>-                   <entry>NO</entry>
>-
> 		<entry>MAYBE <footnote>
> 		    <para>The portmapper is enabled if the machine has been
> 		      configured as an NFS client or server earlier in the
>@@ -2263,7 +2241,6 @@
> 		  </footnote>
> 		</entry>
> 
>-                   <entry>YES</entry>
>                  </row>
> 
>                  <row>
>@@ -2271,11 +2248,8 @@
> 
>                    <entry>NO</entry>
> 
>-                   <entry>NO</entry>
>-
>                    <entry>YES</entry>
> 
>-                   <entry>YES</entry>
>                  </row>
> 
>                  <row>
>@@ -2291,19 +2265,16 @@
> 		      </footnote>
> 		      </entry>
> 
>-                   <entry>YES (1)</entry>
>-
>                    <entry>NO</entry>
> 
>-                   <entry>NO</entry>
>                  </row>
>                </tbody>
>              </tgroup>
>            </table>
> 
>              <warning>
>-               <para>The security profile is not a silver bullet!  Setting
>-                 it high does not mean you do not have to keep up with security
>+               <para>The security profile is not a silver bullet!  Even if you use the
>+                 extreme setting, you need to keep up with security
>                  issues by reading an appropriate <ulink
>                  url="../handbook/eresources.html#ERESOURCES-MAIL">mailing
>                  list</ulink>, using good passwords and passphrases, and
>@@ -2311,6 +2282,7 @@
>                  sets up the desired security to convenience ratio out of
>                  the box.</para>
>              </warning>
>+
> 
>              <note>
>                <para>The security profile mechanism is meant to be used

Actions: View

Attachments on bug 30203: 16482 | 16483