From owner-freebsd-hackers@FreeBSD.ORG Wed Jul 28 21:10:39 2004 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CD12116A4CE for ; Wed, 28 Jul 2004 21:10:39 +0000 (GMT) Received: from sp5.cs.ucdavis.edu (sp5.cs.ucdavis.edu [169.237.5.150]) by mx1.FreeBSD.org (Postfix) with ESMTP id A6D0643D5C for ; Wed, 28 Jul 2004 21:10:39 +0000 (GMT) (envelope-from abkonstantinov@earthlink.net) Received: from sp5.cs.ucdavis.edu (localhost.localdomain [127.0.0.1]) by sp5.cs.ucdavis.edu (8.12.8/8.12.8) with ESMTP id i6SLAd5u004481 for ; Wed, 28 Jul 2004 14:10:39 -0700 Received: (from konstant@localhost) by sp5.cs.ucdavis.edu (8.12.8/8.12.8/Submit) id i6SLAdaL004479 for hackers@freebsd.org; Wed, 28 Jul 2004 14:10:39 -0700 X-Authentication-Warning: sp5.cs.ucdavis.edu: konstant set sender to abkonstantinov@earthlink.net using -f From: Andrew Konstantinov To: hackers@freebsd.org In-Reply-To: <20040728181459.24126.qmail@web21528.mail.yahoo.com> References: <20040728181459.24126.qmail@web21528.mail.yahoo.com> Content-Type: text/plain Content-Transfer-Encoding: 7bit Organization: Message-Id: <1091049038.4409.25.camel@sp5.cs.ucdavis.edu> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.2.2 (1.2.2-5) Date: 28 Jul 2004 14:10:39 -0700 Subject: Re: Kernel options X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Jul 2004 21:10:39 -0000 On Wed, 2004-07-28 at 11:14, bsd hack wrote: > Hi, > I am working with the Kernel config file to optimize it and also to improve the overall security of the system! > > I have the following quetions: > (1) There are a few options that are not available in the default kernel... like the IPFIREWALL options(and the like)... I basically need to know all possible options I can add to the kernel config file! I think this is related to the thread about "next generation" kernel config stuff, but for starters you might want to take a look at the NOTES file. > (2) I guess these options can be used to set the kernel variables accessible through the sysctl command. So can I create my own options so that I can set a few kernel variables as and when I build the custom kernel? Perhaps what you are looking for is the tuning manual page? > (3) and also my aim includes optimizing the kernel... so by enabling only the options I need to I should get a get optimization... is there anything else that can be done? By excluding all the unnecessary code from the kernel you are performing kernel minimization. What you are really looking for is the run time system optimizaion (configuration process) for a particular task that it is going to perform. > (4) My aim is to improve local and network security. I guess enabling IPFIREWALL helps with the network security part.... are there any special options for local security? Enabling IPFIREWALL option won't help your security, but configuring your firewall properly will. Also, there is some useful theoretical information in the security manual page. Andrew