From owner-freebsd-security Wed Feb 14 11:12:54 2001 Delivered-To: freebsd-security@freebsd.org Received: from eros.cs.brandeis.edu (eros.cs.brandeis.edu [129.64.3.177]) by hub.freebsd.org (Postfix) with ESMTP id 27C0637B401; Wed, 14 Feb 2001 11:12:48 -0800 (PST) Received: from localhost (meshko@localhost) by eros.cs.brandeis.edu (8.9.3/8.9.3) with ESMTP id OAA30724; Wed, 14 Feb 2001 14:11:03 -0500 Date: Wed, 14 Feb 2001 14:11:02 -0500 (EST) From: Mikhail Kruk To: Kris Kennaway Cc: Rob Simmons , Ragnar Beer , , Subject: Re: security settings documentation In-Reply-To: <20010214110108.C73656@mollari.cthul.hu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Ah, I've wrote one too but managed to send it to the wrong address :) Anyway, the table is much better, but I have a correction and a suggestion: a) Fascist mode is called fascist only in code, the menu calls it "extereme", and it should be called this way in docs too. b) indicate that Moderate is default, because it really is. > > Somewhat terse, but here's a little "feature" matrix: > > > > Fascist High Moderate Low > > inetd NO NO YES YES > > sendmail NO YES YES YES > > sshd NO YES YES YES > > portmap NO NO * YES > > nfs_server NO NO ** *** > > securelevel YES (2) YES (1) NO NO > > > > Any other configuration setting are, as near as I can tell, left unchanged. > > For details on securelevel, see the init(8) man page. > > > > NOTES: > > * Portmap is enabled if the machine has been configured as either an NFS > > client or an NFS server earlier in the installation process. > > ** If the machine has been configured as an NFS server, NFS will only run > > on a reserved port. > > *** No changes are made to the NFS configuration. > > Good stuff - thanks! > > Doc-boyz and girlz, can we get this added somewhere? > > Kris > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message