From owner-freebsd-doc Thu Aug 19 6:22:11 1999
Delivered-To: freebsd-doc@freebsd.org
Message-Id: <199908191001.OAA01251@scorpion.crimea.ua>
Date: Thu, 19 Aug 1999 14:01:13 +0400 (MSD)
From: "Alexey M. Zelkin"
Reply-To: "Alexey M. Zelkin"
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: docs/13256: [PATCH] security.7 style and copyright section modifications
Sender: owner-freebsd-doc@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 13256
>Category: docs
>Synopsis: [PATCH] security.7 style and copyright section modifications
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: doc-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Aug 19 06:20:01 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator: Alexey Zelkin
>Release: FreeBSD 4.0-CURRENT i386
>Organization: Home
>Environment:
>Description:
Copyright note replaced with /usr/share/examples/etc/bsd-style-copyright
.Os -> .Os FreeBSD (I see .Nm/.Nd say that this document was written for FreeBSD)
Style modifications
>How-To-Repeat:
>Fix:
Index: security.7 =================================================================== RCS file: /usr/local/CVSROOT/src/share/man/man7/security.7,v retrieving revision 1.8 diff -c -r1.8 security.7 *** security.7 1999/08/18 05:55:02 1.8 --- security.7 1999/01/19 08:53:27 *************** *** 1,12 **** ! .\" Copyright (c) 1998, Matthew Dillon. Terms and conditions are those of ! .\" the BSD Copyright as specified in the file "/usr/src/COPYRIGHT" in ! .\" the source tree. .\" .\" $Id: security.7,v 1.8 1999/08/18 05:55:02 chris Exp $ .\" .Dd December 20, 1998 .Dt SECURITY 7 ! .Os .Sh NAME .Nm security .Nd introduction to security under FreeBSD --- 1,32 ---- ! .\" Copyright (c) 1998, Matthew Dillon. ! .\" All rights reserved. .\" + .\" Redistribution and use in source and binary forms, with or without + .\" modification, are permitted provided that the following conditions + .\" are met: + .\" 1. Redistributions of source code must retain the above copyright + .\" notice, this list of conditions and the following disclaimer. + .\" 2. 
Redistributions in binary form must reproduce the above copyright + .\" notice, this list of conditions and the following disclaimer in the + .\" documentation and/or other materials provided with the distribution. + .\" + .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + .\" SUCH DAMAGE. + .\" .\" $Id: security.7,v 1.8 1999/08/18 05:55:02 chris Exp $ .\" .Dd December 20, 1998 .Dt SECURITY 7 ! .Os FreeBSD .Sh NAME .Nm security .Nd introduction to security under FreeBSD *************** *** 208,214 **** If you are running a machine through which people only login via sshd and never login via telnetd or rshd or rlogind, then turn off those services! .Pp ! .Bx Free now defaults to running ntalkd, comsat, and finger in a sandbox. Another program which may be a candidate for running in a sandbox is .Xr named 8 . --- 228,234 ---- If you are running a machine through which people only login via sshd and never login via telnetd or rshd or rlogind, then turn off those services! .Pp ! .Fx now defaults to running ntalkd, comsat, and finger in a sandbox. Another program which may be a candidate for running in a sandbox is .Xr named 8 . 
*************** *** 288,294 **** If an attacker breaks root he can do just about anything, but there are certain conveniences. For example, most modern kernels have a packet sniffing device driver built in. Under ! .Bx Free it is called the .Sq bpf --- 308,314 ---- If an attacker breaks root he can do just about anything, but there are certain conveniences. For example, most modern kernels have a packet sniffing device driver built in. Under ! .Fx it is called the .Sq bpf *************** *** 503,509 **** service and forget to update the firewall. You can still open up the high-numbered port range on the firewall to allow permissive-like operation without compromising your low ports. Also take note that ! .Bx Free allows you to control the range of port numbers used for dynamic binding via the various net.inet.ip.portrange sysctl's --- 523,529 ---- service and forget to update the firewall. You can still open up the high-numbered port range on the firewall to allow permissive-like operation without compromising your low ports. Also take note that ! .Fx allows you to control the range of port numbers used for dynamic binding via the various net.inet.ip.portrange sysctl's *************** *** 534,540 **** outgoing network with ICMP responses. This type of attack can also crash the server by running it out of mbuf's, especially if the server cannot drain the ICMP responses it generates fast enough. The ! .Bx Free kernel has a new kernel compile option called ICMP_BANDLIM which limits the effectiveness of these sorts of attacks. The last major class of springboard attacks is related to --- 554,560 ---- outgoing network with ICMP responses. This type of attack can also crash the server by running it out of mbuf's, especially if the server cannot drain the ICMP responses it generates fast enough. The ! .Fx kernel has a new kernel compile option called ICMP_BANDLIM which limits the effectiveness of these sorts of attacks. 
The last major class of springboard attacks is related to *************** *** 574,584 **** .Xr find 1 , .Xr kerberos 1 , .Xr md5 1 , ! .Xr ssh 1 , ! .Xr sshd 1 , .Xr syslogd 1 , .Xr xdm 1 , .Xr sysctl 8 .Sh HISTORY The .Nm --- 594,608 ---- .Xr find 1 , .Xr kerberos 1 , .Xr md5 1 , ! .Xr netstat 1 , .Xr syslogd 1 , .Xr xdm 1 , .Xr sysctl 8 + + The follwing are part of security ports collection: + + .Xr ssh 1 , + .Xr sshd 1 .Sh HISTORY The .Nm
>Release-Note:
>Audit-Trail:
>Unformatted:
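Review bot: In the first hunk (1,12 to 1,32) the licence statement is rewritten on a file whose copyright line names Matthew Dillon, by a different submitter. The old text deferred to "/usr/src/COPYRIGHT"; the new text spells out the two-clause terms and adds "All rights reserved." Please record the copyright holder's agreement in the PR before this is committed, and consider splitting the licence change from the `.Os` to `.Os FreeBSD` change so each can be reviewed and backed out on its own.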
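Review bot: The hunks at old lines 208, 288, 503 and 534 each replace `.Bx Free` with `.Fx`, but the patch shows only the occurrences it touches. Please confirm with a search of security.7 that no `.Bx Free` remains, so the page does not end up mixing the two forms.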
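Review bot: In the last hunk (574,584 to 594,608) the added sentence "The follwing are part of security ports collection:" misspells "following" and is set off by empty `+` lines; mdoc source normally uses `.Pp` rather than empty lines for a paragraph break, and the sentence would read better as "The following are part of the security category of the ports collection:". The same hunk adds `.Xr netstat 1 ,` which the PR description does not mention, so please state the reason there. While `.Xr sshd 1` is being moved, check its section number, since daemons are normally documented in section 8.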