sysctl variables should be marked up in <varname>, not <literal>.

Dima Dorfman 2001-08-14 06:43:35 +00:00
parent 5d5655b8c2
commit eda6e9701d
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=10345


@ -1,7 +1,7 @@
<!-- <!--
The FreeBSD Documentation Project The FreeBSD Documentation Project
$FreeBSD: doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml,v 1.68 2001/08/11 21:34:52 jim Exp $ $FreeBSD: doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml,v 1.69 2001/08/14 06:30:58 dd Exp $
--> -->
<chapter id="security"> <chapter id="security">
@ -496,7 +496,7 @@
device, on a running kernel. To avoid these problems you have to device, on a running kernel. To avoid these problems you have to
run the kernel at a higher secure level, at least securelevel 1. run the kernel at a higher secure level, at least securelevel 1.
The securelevel can be set with a <command>sysctl</command> on The securelevel can be set with a <command>sysctl</command> on
the <literal>kern.securelevel</literal> variable. Once you have the <varname>kern.securelevel</varname> variable. Once you have
set the securelevel to 1, write access to raw devices will be set the securelevel to 1, write access to raw devices will be
denied and special chflags flags, such as <literal>schg</literal>, denied and special chflags flags, such as <literal>schg</literal>,
will be enforced. You must also ensure that the will be enforced. You must also ensure that the
@ -714,7 +714,7 @@
port range on the firewall, to allow permissive-like operation, port range on the firewall, to allow permissive-like operation,
without compromising your low ports. Also take note that FreeBSD without compromising your low ports. Also take note that FreeBSD
allows you to control the range of port numbers used for dynamic allows you to control the range of port numbers used for dynamic
binding, via the various <literal>net.inet.ip.portrange</literal> binding, via the various <varname>net.inet.ip.portrange</varname>
<command>sysctl</command>'s (<command>sysctl -a | fgrep <command>sysctl</command>'s (<command>sysctl -a | fgrep
portrange</command>), which can also ease the complexity of your portrange</command>), which can also ease the complexity of your
firewall's configuration. For example, you might use a normal firewall's configuration. For example, you might use a normal
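Review bot: in the changed line, <varname>net.inet.ip.portrange</varname> wraps a prefix that the sentence itself describes as "the various ... sysctl's", so the element now marks up a group of variables rather than a single variable name. Consider rewording the sentence to say these are the variables under that prefix, so a reader does not try to set net.inet.ip.portrange itself; the <command>sysctl -a | fgrep portrange</command> hint that follows already points that way.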
@ -760,7 +760,7 @@
services.</para> services.</para>
<para>Spoofed packet attacks may also be used to overload the kernel <para>Spoofed packet attacks may also be used to overload the kernel
route cache. Refer to the <literal>net.inet.ip.rtexpire</literal>, route cache. Refer to the <varname>net.inet.ip.rtexpire</varname>,
<literal>rtminexpire</literal>, and <literal>rtmaxcache</literal> <literal>rtminexpire</literal>, and <literal>rtmaxcache</literal>
<command>sysctl</command> parameters. A spoofed packet attack <command>sysctl</command> parameters. A spoofed packet attack
that uses a random source IP will cause the kernel to generate a that uses a random source IP will cause the kernel to generate a
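Review bot: the line right after the changed one still carries <literal>rtminexpire</literal> and <literal>rtmaxcache</literal>, which the sentence lists as sysctl parameters alongside net.inet.ip.rtexpire, so by the commit's own rule they should become <varname> as well. Converting all three in the same change keeps the markup consistent within the sentence; writing the two short names with their full prefix would also make them usable as written, since only the first one carries it.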