Re: security settings documentation

From owner-freebsd-security Wed Feb 14 13:28:17 2001 Delivered-To: freebsd-security@freebsd.org Received: from gwdu42.gwdg.de (gwdu42.gwdg.de [134.76.10.26]) by hub.freebsd.org (Postfix) with ESMTP id 0CB3B37B401 for ; Wed, 14 Feb 2001 13:28:00 -0800 (PST) Received: from ras23-039.gwdg.de ([134.76.23.39] helo=[192.168.0.98]) by gwdu42.gwdg.de with esmtp (Exim 3.14 #18) id 14T9Sv-0006Ep-00; Wed, 14 Feb 2001 22:27:57 +0100 Mime-Version: 1.0 X-Sender: rbeer@popper.gwdg.de Message-Id: In-Reply-To: <20010214122432.A76375@core.atomicbluebear.org> References:

<20010214092909.B72301@mollari.cthul.hu> <20010214122432.A76375@core.atomicbluebear.org> Date: Wed, 14 Feb 2001 22:27:54 +0100 To: freebsd-security@freebsd.org From: Ragnar Beer Subject: Re: security settings documentation Content-Type: multipart/Related; boundary="============_-1229936418==_mr============" ; type="text/html" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --============_-1229936418==_mr============ Content-Type: multipart/alternative; boundary="============_-1229936418==_ma============" --============_-1229936418==_ma============ Content-Type: text/plain; charset="us-ascii" ; format="flowed" Thanks a lot! Ragnar > > >*** PGP Signature Status: not verified (signing key missing) >*** Signer: 0x8A90644C >*** Signed: N/A at N/A >*** Verified: 14.02.2001 at 21:53 Uhr > >On Wed, 14 Feb 2001, Kris Kennaway wrote: > >> Then write up some documentation for us and send it to doc@freebsd.org > >Somewhat terse, but here's a little "feature" matrix: > > Fascist High Moderate Low >inetd NO NO YES YES >sendmail NO YES YES YES >sshd NO YES YES YES >portmap NO NO * YES >nfs_server NO NO ** *** >securelevel YES (2) YES (1) NO NO > >Any other configuration setting are, as near as I can tell, left unchanged. >For details on securelevel, see the init(8) man page. > >NOTES: >* Portmap is enabled if the machine has been configured as either an NFS > client or an NFS server earlier in the installation process. >** If the machine has been configured as an NFS server, NFS will only run > on a reserved port. >*** No changes are made to the NFS configuration. > >- Mike --============_-1229936418==_ma============ Content-Type: text/html; charset="us-ascii" Re: security settings documentation

Thanks a lot!

Ragnar

*** PGP Signature Status: not verified (signing key missing)
*** Signer: 0x8A90644C
*** Signed: N/A at N/A
*** Verified: 14.02.2001 at 21:53 Uhr

On Wed, 14 Feb 2001, Kris Kennaway wrote:

> Then write up some documentation for us and send it to doc@freebsd.org

Somewhat terse, but here's a little "feature" matrix:

               Fascist        High           Moderate       Low
inetd          NO             NO             YES            YES
sendmail       NO             YES            YES            YES
sshd           NO             YES            YES            YES
portmap        NO             NO             *              YES
nfs_server     NO             NO             **             ***
securelevel    YES (2)        YES (1)        NO             NO

Any other configuration setting are, as near as I can tell, left unchanged.
For details on securelevel, see the init(8) man page.

NOTES:
*   Portmap is enabled if the machine has been configured as either an NFS
    client or an NFS server earlier in the installation process.
** If the machine has been configured as an NFS server, NFS will only run
    on a reserved port.
*** No changes are made to the NFS configuration.

- Mike

--============_-1229936418==_ma============-- --============_-1229936418==_mr============ Content-Id: Received: by gwdu42 (mbox rbeer) (with Cubic Circle's cucipop (v1.31 1998/05/13) Wed Feb 14 21:49:05 2001) X-From_: mlea@atomicbluebear.org Wed Feb 14 19:24:56 2001 Return-path: Envelope-to: rbeer@uni-goettingen.de Delivery-date: Wed, 14 Feb 2001 19:24:56 +0100 Received: from core.atomicbluebear.org ([64.4.83.19]) by gwdu42.gwdg.de with esmtp (Exim 3.14 #18) id 14T6bk-00089v-00 for rbeer@uni-goettingen.de; Wed, 14 Feb 2001 19:24:52 +0100 Received: (qmail 77348 invoked by uid 1001); 14 Feb 2001 18:24:34 -0000 Date: Wed, 14 Feb 2001 12:24:33 -0600 From: Michael Lea To: Kris Kennaway Cc: Rob Simmons , Ragnar Beer , freebsd-security@FreeBSD.ORG Subject: Re: security settings documentation Message-ID: <20010214122432.A76375@core.atomicbluebear.org> Mail-Followup-To: Kris Kennaway , Rob Simmons , Ragnar Beer , freebsd-security@FreeBSD.ORG References:

<20010214092909.B72301@mollari.cthul.hu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="nFreZHaLTZJo0R7j" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010214092909.B72301@mollari.cthul.hu>; from kris@obsecurity.org on Wed, Feb 14, 2001 at 09:29:09AM -0800 --nFreZHaLTZJo0R7j Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Wed, 14 Feb 2001, Kris Kennaway wrote: > Then write up some documentation for us and send it to doc@freebsd.org Somewhat terse, but here's a little "feature" matrix: Fascist High Moderate Low inetd NO NO YES YES sendmail NO YES YES YES sshd NO YES YES YES portmap NO NO * YES nfs_server NO NO ** *** securelevel YES (2) YES (1) NO NO Any other configuration setting are, as near as I can tell, left unchanged. For details on securelevel, see the init(8) man page. NOTES: * Portmap is enabled if the machine has been configured as either an NFS client or an NFS server earlier in the installation process. ** If the machine has been configured as an NFS server, NFS will only run on a reserved port. *** No changes are made to the NFS configuration. - Mike --nFreZHaLTZJo0R7j Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjqKzVwACgkQc9EFi4qQZEySTACgppRgyLkWRA+LJ7fIv8AYuM7T W3UAoIQeTHPbvK2WXMzN2/tYYTPMIJpW =TMdX -----END PGP SIGNATURE----- --nFreZHaLTZJo0R7j-- --============_-1229936418==_mr============-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message