os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Now that the Handbook knows about security profiles, take the axe to

Browse source 
the table here.  Put in a pointer to the Handbook.
This commit is contained in:
Michael Lucas 2002-01-23 09:43:05 +00:00
parent bbe81cf2d8
commit 2df4688403
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=11844
1 changed files with 5 additions and 109 deletions
Download patch file Download diff file Expand all files Collapse all files

114
en_US.ISO8859-1/books/faq/book.sgml
View file

@ -2335,115 +2335,11 @@ Filesystem 1024-blocks Used Avail Capacity Mounted on
<para>A <quote>security profile</quote> is a set of configuration
options that attempts to achieve the desired ratio of security
to convenience by enabling and disabling certain programs and
other settings. The more severe the security profile, the
fewer programs will be enabled by default. This is one of the
basic principles of security: do not run anything except what
you must.</para>
<para>Please note that the security profile is just a default
setting. All programs can be enabled and disabled after you
have installed FreeBSD by editing or adding the appropriate
line(s) to <filename>/etc/rc.conf</filename>. For more
information, please see the &man.rc.conf.5; manual page.</para>
<para>The following table describes what each of the security
profiles does. The columns are the choices you have for a
security profile, and the rows are the program or feature that
the profile enables or disables.</para>
<table>
<title>Possible security profiles</title>
<tgroup cols=3>
<thead>
<row>
<entry></entry>
<entry>Extreme</entry>
<entry>Moderate</entry>
</row>
</thead>
<tbody>
<row>
<entry>&man.sendmail.8;</entry>
<entry>NO</entry>
<entry>YES</entry>
</row>
<row>
<entry>&man.sshd.8;</entry>
<entry>NO</entry>
<entry>YES</entry>
</row>
<row>
<entry>&man.portmap.8;</entry>
<entry>NO</entry>
<entry>MAYBE
<footnote>
<para>The portmapper is enabled if the machine has
been configured as an NFS client or server earlier
in the installation.</para>
</footnote>
</entry>
</row>
<row>
<entry>NFS server</entry>
<entry>NO</entry>
<entry>YES</entry>
</row>
<row>
<entry>&man.securelevel.8;</entry>
<entry>YES (2)
<footnote>
<para>If you choose a security profile that sets the
securelevel (Extreme or High), you must be aware
of the implications. Please read the &man.init.8;
manual page and pay particular attention to the
meanings of the security levels, or you may have
significant trouble later!</para>
</footnote>
</entry>
<entry>NO</entry>
</row>
</tbody>
</tgroup>
</table>
<warning>
<para>The security profile is not a silver bullet! Even if you use the
extreme setting, you need to keep up with security
issues by reading an appropriate <ulink
url="../handbook/eresources.html#ERESOURCES-MAIL">mailing
list</ulink>, using good passwords and passphrases, and
generally adhering to good security practices. It simply
sets up the desired security to convenience ratio out of
the box.</para>
</warning>
<note>
<para>The security profile mechanism is meant to be used
when you first install FreeBSD. If you already have
FreeBSD installed, it would probably be more beneficial to
simply enable or disable the desired functionality. If
you really want to use a security profile, you can re-run
&man.sysinstall.8; to set it.</para>
</note>
other settings. For full details, see the <ulink
url="../handbook/install-post.html#SECURITYPROFILE">Security
Profile</ulink> section of the Handbook's <ulink
url="../handbook/install-post.html">post-install
chapter</ulink>.</para>
</answer>
</qandaentry>
</qandaset>