Update the question about sysinstall security profiles to reflect
reality. Also fix some bad grammar.

PR: 30203
Submitted by: Michael Lucas <mwlucas@blackhelicopters.org>
parent dd93ac6342
commit 347fa35657
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=10512
1 changed files with 14 additions and 48 deletions
|
@ -17,7 +17,7 @@
|
|||
|
||||
<corpauthor>The FreeBSD Documentation Project</corpauthor>
|
||||
|
||||
<pubdate>$FreeBSD: doc/en_US.ISO8859-1/books/faq/book.sgml,v 1.256 2001/08/19 18:51:53 jim Exp $</pubdate>
|
||||
<pubdate>$FreeBSD: doc/en_US.ISO8859-1/books/faq/book.sgml,v 1.257 2001/08/23 22:06:11 dd Exp $</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>1995</year>
|
||||
|
@ -2178,52 +2178,37 @@ Filesystem 1024-blocks Used Avail Capacity Mounted on
|
|||
<para>A <quote>security profile</quote> is a set of configuration
|
||||
options that attempts to achieve the desired ratio of security
|
||||
to convenience by enabling and disabling certain programs and
|
||||
other settings. The more severe the security profile, the less
|
||||
programs will be enabled by default; this is one of the basic
|
||||
principles of security: do not run anything except what you
|
||||
must.</para>
|
||||
other settings. The more severe the security profile, the fewer
|
||||
programs will be enabled by
|
||||
default. This is one of the basic principles of security:
|
||||
do not run anything except what you must.</para>
|
||||
|
||||
<para>Please note that the security profile is just a default
|
||||
setting. All programs can be enabled and disabled after you have
|
||||
installed FreeBSD by editing or adding the appropriate line(s)
|
||||
to <filename>/etc/rc.conf</filename>. For more information on
|
||||
the latter, please see the &man.rc.conf.5; manual page.</para>
|
||||
to <filename>/etc/rc.conf</filename>. For more information,
|
||||
please see the &man.rc.conf.5; manual page.</para>
|
||||
|
||||
<para>Following is a table that describes what each security
|
||||
profile does. The columns are the choices you have for a
|
||||
security profile, and the rows are the program or feature that
|
||||
is enabled or disabled.</para>
|
||||
<para>The following table describes what each of the
|
||||
security profiles do. The columns are the choices you
|
||||
have for a security profile, and the rows are the program
|
||||
or feature that the profile enables or disables.</para>
|
||||
|
||||
<table>
|
||||
<title>Possible security profiles</title>
|
||||
|
||||
<tgroup cols=5>
|
||||
<tgroup cols=3>
|
||||
<thead>
|
||||
<row>
|
||||
<entry></entry>
|
||||
|
||||
<entry>Extreme</entry>
|
||||
|
||||
<entry>High</entry>
|
||||
|
||||
<entry>Moderate</entry>
|
||||
|
||||
<entry>Low</entry>
|
||||
</row>
|
||||
</thead>
|
||||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry>&man.inetd.8;</entry>
|
||||
|
||||
<entry>NO</entry>
|
||||
|
||||
<entry>NO</entry>
|
||||
|
||||
<entry>YES</entry>
|
||||
|
||||
<entry>YES</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry>&man.sendmail.8;</entry>
|
||||
|
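Review bot: The rewritten table introduction, "what each of the security profiles do", has a subject-verb disagreement; the wording it replaces, "what each security profile does", was already correct, so either keep that or write "what each of the security profiles does". Separately, with `<tgroup cols=5>` becoming `<tgroup cols=3>`, check that the `<thead>` row and every `<tbody>` row, including the rows that carry a `<footnote>`, end up with exactly three `<entry>` elements.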
@ -2231,10 +2216,6 @@ Filesystem 1024-blocks Used Avail Capacity Mounted on
|
|||
<entry>NO</entry>
|
||||
|
||||
<entry>YES</entry>
|
||||
|
||||
<entry>YES</entry>
|
||||
|
||||
<entry>YES</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
|
@ -2243,10 +2224,6 @@ Filesystem 1024-blocks Used Avail Capacity Mounted on
|
|||
<entry>NO</entry>
|
||||
|
||||
<entry>YES</entry>
|
||||
|
||||
<entry>YES</entry>
|
||||
|
||||
<entry>YES</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
|
@ -2254,8 +2231,6 @@ Filesystem 1024-blocks Used Avail Capacity Mounted on
|
|||
|
||||
<entry>NO</entry>
|
||||
|
||||
<entry>NO</entry>
|
||||
|
||||
<entry>MAYBE <footnote>
|
||||
<para>The portmapper is enabled if the machine has been
|
||||
configured as an NFS client or server earlier in the
|
||||
|
@ -2263,7 +2238,6 @@ Filesystem 1024-blocks Used Avail Capacity Mounted on
|
|||
</footnote>
|
||||
</entry>
|
||||
|
||||
<entry>YES</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
|
@ -2271,10 +2245,6 @@ Filesystem 1024-blocks Used Avail Capacity Mounted on
|
|||
|
||||
<entry>NO</entry>
|
||||
|
||||
<entry>NO</entry>
|
||||
|
||||
<entry>YES</entry>
|
||||
|
||||
<entry>YES</entry>
|
||||
</row>
|
||||
|
||||
|
@ -2291,10 +2261,6 @@ Filesystem 1024-blocks Used Avail Capacity Mounted on
|
|||
</footnote>
|
||||
</entry>
|
||||
|
||||
<entry>YES (1)</entry>
|
||||
|
||||
<entry>NO</entry>
|
||||
|
||||
<entry>NO</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
|
@ -2302,8 +2268,8 @@ Filesystem 1024-blocks Used Avail Capacity Mounted on
|
|||
</table>
|
||||
|
||||
<warning>
|
||||
<para>The security profile is not a silver bullet! Setting
|
||||
it high does not mean you do not have to keep up with security
|
||||
<para>The security profile is not a silver bullet! Even if you use the
|
||||
extreme setting, you need to keep up with security
|
||||
issues by reading an appropriate <ulink
|
||||
url="../handbook/eresources.html#ERESOURCES-MAIL">mailing
|
||||
list</ulink>, using good passwords and passphrases, and
|
||||
|
|
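Review bot: The reworded warning now names "the extreme setting", so confirm that this matches a column title that stays in the table header (`<entry>Extreme</entry>`) once the table is cut to three columns; otherwise the warning refers to a profile the table no longer shows. The new first line, `<para>The security profile is not a silver bullet! Even if you use the`, is also visibly longer than the lines around it and should be rewrapped to the same width as the rest of the paragraph.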