os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Update the question about sysinstall security profiles to reflect

Browse source 
reality.  Also fix some bad grammar.

PR:		30203
Submitted by:	Michael Lucas <mwlucas@blackhelicopters.org>
This commit is contained in:
Dima Dorfman 2001-08-31 16:14:25 +00:00
parent dd93ac6342
commit 347fa35657
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=10512
1 changed files with 14 additions and 48 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

62
en_US.ISO8859-1/books/faq/book.sgml
View file

@ -17,7 +17,7 @@
<corpauthor>The FreeBSD Documentation Project</corpauthor> <corpauthor>The FreeBSD Documentation Project</corpauthor>
<pubdate>$FreeBSD: doc/en_US.ISO8859-1/books/faq/book.sgml,v 1.256 2001/08/19 18:51:53 jim Exp $</pubdate> <pubdate>$FreeBSD: doc/en_US.ISO8859-1/books/faq/book.sgml,v 1.257 2001/08/23 22:06:11 dd Exp $</pubdate>
<copyright> <copyright>
<year>1995</year> <year>1995</year>
@ -2178,52 +2178,37 @@ Filesystem 1024-blocks Used Avail Capacity Mounted on
<para>A <quote>security profile</quote> is a set of configuration <para>A <quote>security profile</quote> is a set of configuration
options that attempts to achieve the desired ratio of security options that attempts to achieve the desired ratio of security
to convenience by enabling and disabling certain programs and to convenience by enabling and disabling certain programs and
other settings. The more severe the security profile, the less other settings. The more severe the security profile, the fewer
programs will be enabled by default; this is one of the basic programs will be enabled by
principles of security: do not run anything except what you default. This is one of the basic principles of security:
must.</para> do not run anything except what you must.</para>
<para>Please note that the security profile is just a default <para>Please note that the security profile is just a default
setting. All programs can be enabled and disabled after you have setting. All programs can be enabled and disabled after you have
installed FreeBSD by editing or adding the appropriate line(s) installed FreeBSD by editing or adding the appropriate line(s)
to <filename>/etc/rc.conf</filename>. For more information on to <filename>/etc/rc.conf</filename>. For more information,
the latter, please see the &man.rc.conf.5; manual page.</para> please see the &man.rc.conf.5; manual page.</para>
<para>Following is a table that describes what each security <para>The following table describes what each of the
profile does. The columns are the choices you have for a security profiles do. The columns are the choices you
security profile, and the rows are the program or feature that have for a security profile, and the rows are the program
is enabled or disabled.</para> or feature that the profile enables or disables.</para>
<table> <table>
<title>Possible security profiles</title> <title>Possible security profiles</title>
<tgroup cols=5> <tgroup cols=3>
<thead> <thead>
<row> <row>
<entry></entry> <entry></entry>
<entry>Extreme</entry> <entry>Extreme</entry>
<entry>High</entry>
<entry>Moderate</entry> <entry>Moderate</entry>
<entry>Low</entry>
</row> </row>
</thead> </thead>
<tbody> <tbody>
<row>
<entry>&man.inetd.8;</entry>
<entry>NO</entry>
<entry>NO</entry>
<entry>YES</entry>
<entry>YES</entry>
</row>
<row> <row>
<entry>&man.sendmail.8;</entry> <entry>&man.sendmail.8;</entry>
@ -2231,10 +2216,6 @@ Filesystem 1024-blocks Used Avail Capacity Mounted on
<entry>NO</entry> <entry>NO</entry>
<entry>YES</entry> <entry>YES</entry>
<entry>YES</entry>
<entry>YES</entry>
</row> </row>
<row> <row>
@ -2243,10 +2224,6 @@ Filesystem 1024-blocks Used Avail Capacity Mounted on
<entry>NO</entry> <entry>NO</entry>
<entry>YES</entry> <entry>YES</entry>
<entry>YES</entry>
<entry>YES</entry>
</row> </row>
<row> <row>
@ -2254,8 +2231,6 @@ Filesystem 1024-blocks Used Avail Capacity Mounted on
<entry>NO</entry> <entry>NO</entry>
<entry>NO</entry>
<entry>MAYBE <footnote> <entry>MAYBE <footnote>
<para>The portmapper is enabled if the machine has been <para>The portmapper is enabled if the machine has been
configured as an NFS client or server earlier in the configured as an NFS client or server earlier in the
@ -2263,7 +2238,6 @@ Filesystem 1024-blocks Used Avail Capacity Mounted on
</footnote> </footnote>
</entry> </entry>
<entry>YES</entry>
</row> </row>
<row> <row>
@ -2271,10 +2245,6 @@ Filesystem 1024-blocks Used Avail Capacity Mounted on
<entry>NO</entry> <entry>NO</entry>
<entry>NO</entry>
<entry>YES</entry>
<entry>YES</entry> <entry>YES</entry>
</row> </row>
@ -2291,10 +2261,6 @@ Filesystem 1024-blocks Used Avail Capacity Mounted on
</footnote> </footnote>
</entry> </entry>
<entry>YES (1)</entry>
<entry>NO</entry>
<entry>NO</entry> <entry>NO</entry>
</row> </row>
</tbody> </tbody>
@ -2302,8 +2268,8 @@ Filesystem 1024-blocks Used Avail Capacity Mounted on
</table> </table>
<warning> <warning>
<para>The security profile is not a silver bullet! Setting <para>The security profile is not a silver bullet! Even if you use the
it high does not mean you do not have to keep up with security extreme setting, you need to keep up with security
issues by reading an appropriate <ulink issues by reading an appropriate <ulink
url="../handbook/eresources.html#ERESOURCES-MAIL">mailing url="../handbook/eresources.html#ERESOURCES-MAIL">mailing
list</ulink>, using good passwords and passphrases, and list</ulink>, using good passwords and passphrases, and