From owner-freebsd-security  Wed Feb 14 11: 1:14 2001
Delivered-To: freebsd-security@freebsd.org
Received: from obsecurity.dyndns.org (adsl-63-207-60-67.dsl.lsan03.pacbell.net [63.207.60.67])
	by hub.freebsd.org (Postfix) with ESMTP
	id ABF1637B401; Wed, 14 Feb 2001 11:01:08 -0800 (PST)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 549EF66B26; Wed, 14 Feb 2001 11:01:08 -0800 (PST)
Date: Wed, 14 Feb 2001 11:01:08 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Kris Kennaway <kris@obsecurity.org>,
	Rob Simmons <rsimmons@wlcg.com>,
	Ragnar Beer <rbeer@uni-goettingen.de>, freebsd-security@FreeBSD.ORG
Cc: doc@FreeBSD.org
Subject: Re: security settings documentation
Message-ID: <20010214110108.C73656@mollari.cthul.hu>
References: <p04330102b6b0697c0f5b@[134.76.136.114]> <Pine.BSF.4.21.0102141209460.15577-100000@mail.wlcg.com> <20010214092909.B72301@mollari.cthul.hu> <20010214122432.A76375@core.atomicbluebear.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="WfZ7S8PLGjBY9Voh"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010214122432.A76375@core.atomicbluebear.org>; from mlea@atomicbluebear.org on Wed, Feb 14, 2001 at 12:24:33PM -0600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


--WfZ7S8PLGjBY9Voh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Feb 14, 2001 at 12:24:33PM -0600, Michael Lea wrote:
> On Wed, 14 Feb 2001, Kris Kennaway wrote:
>=20
> > Then write up some documentation for us and send it to doc@freebsd.org
>=20
> Somewhat terse, but here's a little "feature" matrix:
>=20
>                Fascist        High           Moderate       Low
> inetd          NO             NO             YES            YES
> sendmail       NO             YES            YES            YES
> sshd           NO             YES            YES            YES
> portmap        NO             NO             *              YES
> nfs_server     NO             NO             **             ***
> securelevel    YES (2)        YES (1)        NO             NO
>=20
> Any other configuration setting are, as near as I can tell, left unchange=
d.
> For details on securelevel, see the init(8) man page.
>=20
> NOTES:
> *   Portmap is enabled if the machine has been configured as either an NFS
>     client or an NFS server earlier in the installation process.
> **  If the machine has been configured as an NFS server, NFS will only run
>     on a reserved port.
> *** No changes are made to the NFS configuration.

Good stuff - thanks!

Doc-boyz and girlz, can we get this added somewhere?

Kris

--WfZ7S8PLGjBY9Voh
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6itXzWry0BWjoQKURAicnAJ9SkPfGdcS4ZAJYJkWDzLz2ztGI+QCeMV4L
v3F/hR5Ei77r3IB63Oki8BE=
=Dso5
-----END PGP SIGNATURE-----

--WfZ7S8PLGjBY9Voh--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message