FreeBSD Bugzilla – Attachment 73469 Details for
Bug 106494
[patch] add a note regarding the status of the "security profile" setting in sysinstall
[patch]
install.chapter.sgml.diff
install.chapter.sgml.diff (text/plain), 5.56 KB, created by
Niclas Zeising
on 2006-12-09 14:09:51 UTC
>--- doc/en_US.ISO8859-1/books/handbook/install/chapter.sgml.orig 2006-12-08 19:46:36.000000000 +0100 >+++ doc/en_US.ISO8859-1/books/handbook/install/chapter.sgml 2006-12-09 15:04:18.000000000 +0100 
>@@ -2650,184 +2650,6 @@ > </sect3> > </sect2> > >- <sect2 id="securityprofile"> >- <title>Security Profile</title> >- >- <para>A <quote>security profile</quote> is a set of >- configuration options that attempts to achieve the desired >- ratio of security to convenience by enabling and disabling >- certain programs and other settings. The more severe the >- security profile, the fewer programs will be enabled by >- default. This is one of the basic principles of security: do >- not run anything except what you must.</para> >- >- <para>Please note that the security profile is just a default >- setting. All programs can be enabled and disabled after you >- have installed FreeBSD by editing or adding the appropriate >- line(s) to <filename>/etc/rc.conf</filename>. For more >- information, please see the &man.rc.conf.5; manual >- page.</para> >- >- <para>The following table describes what each of the security >- profiles does. The columns are the choices you have for a >- security profile, and the rows are the program or feature that >- the profile enables or disables.</para> >- >- <table> >- <title>Possible Security Profiles</title> >- >- <tgroup cols=3> >- <thead> >- <row> >- <entry></entry> >- >- <entry>Extreme</entry> >- >- <entry>Moderate</entry> >- </row> >- </thead> >- >- <tbody> >- >- <row> >- <entry>&man.sendmail.8;</entry> >- >- <entry>NO</entry> >- >- <entry>YES</entry> >- </row> >- >- <row> >- <entry>&man.sshd.8;</entry> >- >- <entry>NO</entry> >- >- <entry>YES</entry> >- </row> >- >- <row> >- <entry>&man.portmap.8;</entry> >- >- <entry>NO</entry> >- >- <entry>MAYBE >- <footnote> >- <para>The portmapper is enabled if the machine has >- been configured as an NFS client or server earlier >- in the installation.</para> >- </footnote> >- </entry> >- </row> >- >- <row> >- <entry>NFS server</entry> >- >- <entry>NO</entry> >- >- <entry>YES</entry> >- </row> >- >- <row> >- <entry>&man.securelevel.8;</entry> >- >- <entry>YES >- <footnote> >- <para>If you choose a 
security profile that sets the >- securelevel to <quote>Extreme</quote> or >- <quote>High</quote>, you must be aware of the >- implications. Please read the &man.init.8; >- manual page and pay particular attention to the >- meanings of the security levels, or you may have >- significant trouble later!</para> >- </footnote> >- </entry> >- >- <entry>NO</entry> >- </row> >- </tbody> >- </tgroup> >- </table> >- >- <screen> User Confirmation Requested >- Do you want to select a default security profile for this host (select >- No for "medium" security)? >- >- [ Yes ] No</screen> >- >- <para>Selecting &gui.no; and pressing >- <keycap>Enter</keycap> will set the security profile to medium.</para> >- >- <para>Selecting &gui.yes; and pressing >- <keycap>Enter</keycap> will allow selecting a different security >- profile.</para> >- >- <figure id="security-profile"> >- <title>Security Profile Options</title> >- >- <mediaobject> >- <imageobject> >- <imagedata fileref="install/security" format="PNG"> >- </imageobject> >- </mediaobject> >- </figure> >- >- <para>Press <keycap>F1</keycap> to display the help. Press >- <keycap>Enter</keycap> to return to selection menu.</para> >- >- <para>Use the arrow keys to choose <guimenuitem>Medium</guimenuitem> >- unless your are sure that another level is required for your needs. >- With &gui.ok; highlighted, press >- <keycap>Enter</keycap>.</para> >- >- <para>An appropriate confirmation message will display depending on >- which security setting was chosen.</para> >- >- <screen> Message >- >-Moderate security settings have been selected. >- >-Sendmail and SSHd have been enabled, securelevels are >-disabled, and NFS server setting have been left intact. >-PLEASE NOTE that this still does not save you from having >-to properly secure your system in other ways or exercise >-due diligence in your administration, this simply picks >-a standard set of out-of-box defaults to start with. 
>- >-To change any of these settings later, edit /etc/rc.conf >- >- [OK]</screen> >- >- <screen> Message >- >-Extreme security settings have been selected. >- >-Sendmail, SSHd, and NFS services have been disabled, and >-securelevels have been enabled. >-PLEASE NOTE that this still does not save you from having >-to properly secure your system in other ways or exercise >-due diligence in your administration, this simply picks >-a more secure set of out-of-box defaults to start with. >- >-To change any of these settings later, edit /etc/rc.conf >- >- [OK]</screen> >- >- <para>Press <keycap>Enter</keycap> to continue with the >- post-installation configuration.</para> >- >- <warning> >- <para>The security profile is not a silver bullet! Even if >- you use the extreme setting, you need to keep up with >- security issues by reading an appropriate mailing >- list (<xref linkend="eresources-mail">), >- using good passwords and passphrases, and >- generally adhering to good security practices. It simply >- sets up the desired security to convenience ratio out of the >- box.</para> >- </warning> >- >- </sect2> >- > <sect2 id="console"> > <title>System Console Settings</title> >
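Review bot: The single hunk (-2650,184 +2650,6) only deletes the `<sect2 id="securityprofile">` section and adds no lines, while the bug summary on this page says the change is to add a note about the status of the "security profile" setting. If the intent is to document that status, put a short `<note>` or `<para>` where the section was instead of dropping it without a replacement. Removing the ids `securityprofile` and `security-profile` will break any `linkend` reference to them elsewhere in the handbook and leaves the `install/security` image unreferenced, so search the doc tree for both before committing. The deleted text also carried the pointers to &man.init.8; for the meaning of securelevels and to &man.rc.conf.5; for enabling or disabling services after installation, plus the warning that the profile is only a set of defaults; consider keeping those pointers in the replacement note.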
Attachments on bug 106494: 73468 | 73469