From 2df468840363b2e90aa8800ce7449581a102c15f Mon Sep 17 00:00:00 2001 From: Michael Lucas Date: Wed, 23 Jan 2002 09:43:05 +0000 Subject: [PATCH] Now that the Handbook knows about security profiles, take the axe to the table here. Put in a pointer to the Handbook. --- en_US.ISO8859-1/books/faq/book.sgml | 114 ++-------------------------- 1 file changed, 5 insertions(+), 109 deletions(-) diff --git a/en_US.ISO8859-1/books/faq/book.sgml b/en_US.ISO8859-1/books/faq/book.sgml index f411be1d7c..c5b1df2d3f 100644 --- a/en_US.ISO8859-1/books/faq/book.sgml +++ b/en_US.ISO8859-1/books/faq/book.sgml 
@@ -2335,115 +2335,11 @@ Filesystem 1024-blocks Used Avail Capacity Mounted on A security profile is a set of configuration options that attempts to achieve the desired ratio of security to convenience by enabling and disabling certain programs and - other settings. The more severe the security profile, the - fewer programs will be enabled by default. This is one of the - basic principles of security: do not run anything except what - you must. - - Please note that the security profile is just a default - setting. All programs can be enabled and disabled after you - have installed FreeBSD by editing or adding the appropriate - line(s) to /etc/rc.conf. For more - information, please see the &man.rc.conf.5; manual page. - - The following table describes what each of the security - profiles does. The columns are the choices you have for a - security profile, and the rows are the program or feature that - the profile enables or disables. - - - Possible security profiles - - - - - - - Extreme - - Moderate - - - - - - - &man.sendmail.8; - - NO - - YES - - - - &man.sshd.8; - - NO - - YES - - - - &man.portmap.8; - - NO - - MAYBE - - The portmapper is enabled if the machine has - been configured as an NFS client or server earlier - in the installation. - - - - - - NFS server - - NO - - YES - - - - &man.securelevel.8; - - YES (2) - - If you choose a security profile that sets the - securelevel (Extreme or High), you must be aware - of the implications. Please read the &man.init.8; - manual page and pay particular attention to the - meanings of the security levels, or you may have - significant trouble later! - - - - NO - - - -
- - - The security profile is not a silver bullet! Even if you use the - extreme setting, you need to keep up with security - issues by reading an appropriate mailing - list, using good passwords and passphrases, and - generally adhering to good security practices. It simply - sets up the desired security to convenience ratio out of - the box. - - - - The security profile mechanism is meant to be used - when you first install FreeBSD. If you already have - FreeBSD installed, it would probably be more beneficial to - simply enable or disable the desired functionality. If - you really want to use a security profile, you can re-run - &man.sysinstall.8; to set it. - + other settings. For full details, see the Security + Profile section of the Handbook's post-install + chapter.
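Review bot: the removed lines in the hunk at -2335 carried two cautions that the new pointer sentence does not replace: the warning to read &man.init.8; before choosing a profile that sets the securelevel, and the note that a profile is only an install-time default that can be changed later in /etc/rc.conf. Confirm that the Handbook's Security Profile section states both before dropping them from the FAQ, or keep one short sentence here covering the securelevel implications, since that is the setting most likely to cause trouble after installation. If the added sentence does not already carry a cross-reference in the SGML, link the Handbook section directly rather than naming the chapter in prose, so the pointer survives a Handbook reorganisation.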