From owner-freebsd-questions@freebsd.org Tue Jun 13 23:11:52 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0C7C0C08CD5 for ; Tue, 13 Jun 2017 23:11:52 +0000 (UTC) (envelope-from christofer.c.bell@gmail.com) Received: from mail-vk0-x231.google.com (mail-vk0-x231.google.com [IPv6:2607:f8b0:400c:c05::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B43C36FF4B for ; Tue, 13 Jun 2017 23:11:51 +0000 (UTC) (envelope-from christofer.c.bell@gmail.com) Received: by mail-vk0-x231.google.com with SMTP id p62so72612241vkp.0 for ; Tue, 13 Jun 2017 16:11:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=92b68gJTwJtZgkh3L4gz32E4tuYcu+5d2Eqc6bgMKLY=; b=hzzri/rg76eCM/gaXOECzGXzrZ/sU6SBXPEg6YmuRsaTRKKtKWdnsur69tHG7fwhbh qbFCJbU85WxfVCK95DVmXVekXz6VcWFc5r9+jxl7uLqZ3NUnxLgBcVh3jYlRdmu6RbNt PruNFtGB2w1t4oS35j/o9z/y4fq0xoN7nlrO307O2jPGM18mruoXoEL3VtUgi/786lrg V27eplSDlxN8T7nxNYWlblpk6FgMOJm1FHP1GvcS5BeEzg7io73HTl//D1s6RMjfei9i 8UN0cREz2tBVa6/6PPqjx0ZU/e+FSZSupwcks9vbS3JSsnJtDSjamSKEs8UjeXI8ZcGg ADwQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=92b68gJTwJtZgkh3L4gz32E4tuYcu+5d2Eqc6bgMKLY=; b=PrP7nVNRodb5N2nawsZKla5ZumMfaDFwA3SWiVQevlKBQidaRfYspKxAW4PV+U410G oGlo0yx8TVCBtlI0ksLcdTZzjlQCY79HKCXna6skSLo/UyzAeV8rz0JuokGkCRW3/P9/ Te23mxzGoka5EOBfUmLBINn12bfwKBUguejiwawutvvquWhEgL9KAMOtLYAeY1SBkRL8 y/IJ5BYWEMStUo7bIiQYjeQr2f8GPrycJ5sYgDGkS0s8hrFkuB71LyofTBmBN2ZWXg5C RvNVB5UZXP+W0RN+Rc63CNZwAzeoHi9eItkhAnhv3jL0psCJaCvjFUUUh7mU/qWLSJ9N 8evg== X-Gm-Message-State: AKS2vOxAcmlCmCddXYSDCQTMST7PzX7VJWbUgJmdPJRbeWTkG4gZCamW 9WMLASREVRO9FzLvKLMbiPS3c7h0qQ== X-Received: by 10.31.124.8 with SMTP id x8mr1461058vkc.143.1497395510733; Tue, 13 Jun 2017 16:11:50 -0700 (PDT) MIME-Version: 1.0 Received: by 10.31.171.14 with HTTP; Tue, 13 Jun 2017 16:11:30 -0700 (PDT) In-Reply-To: <593EECAC.7050208@gmail.com> References: <593EECAC.7050208@gmail.com> From: "Christofer C. Bell" Date: Tue, 13 Jun 2017 18:11:30 -0500 Message-ID: Subject: Re: security options To: Friedrich Locke Cc: FreeBSD Questions Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Jun 2017 23:11:52 -0000 On Mon, Jun 12, 2017 at 2:34 PM, Friedrich Locke wrote: > Hi folks, > > i wonder what are the sysctl variables and its value to those list of > options, related to security, that are given us the chance to change in the > fbsd install program. > > I mean options like: [ ] prevent users from seeing other processes > [ ] prevent users from other groups processes > > Thanks. > Friedrich, If you have the 'src' component installed, you can see what that screen in the installer is doing here: /usr/src/usr.sbin/bsdinstall/scripts/hardening If you can read a standard shell script, it's pretty easy to see what's what in there. And if you want to retroactively apply (or remove) the changes made by that dialog, you can work out how to do that pretty easily. -- Chris "If you wish to make an apple pie from scratch, you must first invent the Universe." -- Carl Sagan