Date: Wed, 14 Feb 2001 14:11:02 -0500 (EST) From: Mikhail Kruk <meshko@cs.brandeis.edu> To: Kris Kennaway <kris@obsecurity.org> Cc: Rob Simmons <rsimmons@wlcg.com>, Ragnar Beer <rbeer@uni-goettingen.de>, <freebsd-security@FreeBSD.ORG>, <doc@FreeBSD.ORG> Subject: Re: security settings documentation Message-ID: <Pine.LNX.4.30.0102141408560.30623-100000@eros.cs.brandeis.edu> In-Reply-To: <20010214110108.C73656@mollari.cthul.hu>
next in thread | previous in thread | raw e-mail | index | archive | help
Ah, I've wrote one too but managed to send it to the wrong address :) Anyway, the table is much better, but I have a correction and a suggestion: a) Fascist mode is called fascist only in code, the menu calls it "extereme", and it should be called this way in docs too. b) indicate that Moderate is default, because it really is. > > Somewhat terse, but here's a little "feature" matrix: > > > > Fascist High Moderate Low > > inetd NO NO YES YES > > sendmail NO YES YES YES > > sshd NO YES YES YES > > portmap NO NO * YES > > nfs_server NO NO ** *** > > securelevel YES (2) YES (1) NO NO > > > > Any other configuration setting are, as near as I can tell, left unchanged. > > For details on securelevel, see the init(8) man page. > > > > NOTES: > > * Portmap is enabled if the machine has been configured as either an NFS > > client or an NFS server earlier in the installation process. > > ** If the machine has been configured as an NFS server, NFS will only run > > on a reserved port. > > *** No changes are made to the NFS configuration. > > Good stuff - thanks! > > Doc-boyz and girlz, can we get this added somewhere? > > Kris > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.30.0102141408560.30623-100000>