Date: Wed, 14 Feb 2001 22:27:54 +0100 From: Ragnar Beer <rbeer@uni-goettingen.de> To: freebsd-security@freebsd.org Subject: Re: security settings documentation Message-ID: <p04330100b6b0a7b83e0a@[134.76.136.114]> In-Reply-To: <20010214122432.A76375@core.atomicbluebear.org> References: <p04330102b6b0697c0f5b@[134.76.136.114]> <Pine.BSF.4.21.0102141209460.15577-100000@mail.wlcg.com> <20010214092909.B72301@mollari.cthul.hu> <20010214122432.A76375@core.atomicbluebear.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--============_-1229936418==_mr============
Content-Type: multipart/alternative; boundary="============_-1229936418==_ma============"
--============_-1229936418==_ma============
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Thanks a lot!
Ragnar
>
>
>*** PGP Signature Status: not verified (signing key missing)
>*** Signer: 0x8A90644C
>*** Signed: N/A at N/A
>*** Verified: 14.02.2001 at 21:53 Uhr
>
>On Wed, 14 Feb 2001, Kris Kennaway wrote:
>
>> Then write up some documentation for us and send it to doc@freebsd.org
>
>Somewhat terse, but here's a little "feature" matrix:
>
> Fascist High Moderate Low
>inetd NO NO YES YES
>sendmail NO YES YES YES
>sshd NO YES YES YES
>portmap NO NO * YES
>nfs_server NO NO ** ***
>securelevel YES (2) YES (1) NO NO
>
>Any other configuration setting are, as near as I can tell, left unchanged.
>For details on securelevel, see the init(8) man page.
>
>NOTES:
>* Portmap is enabled if the machine has been configured as either an NFS
> client or an NFS server earlier in the installation process.
>** If the machine has been configured as an NFS server, NFS will only run
> on a reserved port.
>*** No changes are made to the NFS configuration.
>
>- Mike
--============_-1229936418==_ma============
Content-Type: text/html; charset="us-ascii"
<!doctype html public "-//W3C//DTD W3 HTML//EN">
<html><head><style type="text/css"><!--
blockquote, dl, ul, ol, li { margin-top: 0 ; margin-bottom: 0 }
--></style><title>Re: security settings
documentation</title></head><body>
<div>Thanks a lot!</div>
<div><br></div>
<div>Ragnar</div>
<div><br></div>
<blockquote type="cite" cite><img
src="cid:p04330100b6b0a7b83e0a@[134.76.136.114].1.0"><br>
<br>
*** PGP Signature Status: not verified (signing key missing)<br>
*** Signer: 0x8A90644C<br>
*** Signed: N/A at N/A<br>
*** Verified: 14.02.2001 at 21:53 Uhr<br>
<br>
On Wed, 14 Feb 2001, Kris Kennaway wrote:<br>
<br>
> Then write up some documentation for us and send it to
doc@freebsd.org<br>
<br>
Somewhat terse, but here's a little "feature" matrix:<br>
<br>
<span
></span>
Fascist
High
Moderate Low<br>
inetd
NO <span
></span>
NO <span
></span>
YES
YES<br>
sendmail
NO <span
></span>
YES
YES
YES<br>
sshd
NO <span
></span>
YES
YES
YES<br>
portmap
NO <span
></span>
NO <span
></span>
* <span
></span> YES<br>
nfs_server
NO <span
></span>
NO <span
></span>
** <span
></span> ***<br>
securelevel YES
(2) YES
(1)
NO <span
></span> NO<br>
<br>
Any other configuration setting are, as near as I can tell, left
unchanged.<br>
For details on securelevel, see the init(8) man page.<br>
<br>
NOTES:<br>
* Portmap is enabled if the machine has been configured
as either an NFS<br>
client or an NFS server earlier in the
installation process.<br>
** If the machine has been configured as an NFS server, NFS
will only run<br>
on a reserved port.<br>
*** No changes are made to the NFS configuration.<br>
<br>
- Mike</blockquote>
<div><br></div>
</body>
</html>
--============_-1229936418==_ma============--
--============_-1229936418==_mr============
Content-Id: <p04330100b6b0a7b83e0a@[134.76.136.114].1.0>
Received: by gwdu42 (mbox rbeer)
(with Cubic Circle's cucipop (v1.31 1998/05/13) Wed Feb 14 21:49:05 2001)
X-From_: mlea@atomicbluebear.org Wed Feb 14 19:24:56 2001
Return-path: <mlea@atomicbluebear.org>
Envelope-to: rbeer@uni-goettingen.de
Delivery-date: Wed, 14 Feb 2001 19:24:56 +0100
Received: from core.atomicbluebear.org ([64.4.83.19])
by gwdu42.gwdg.de with esmtp (Exim 3.14 #18)
id 14T6bk-00089v-00
for rbeer@uni-goettingen.de; Wed, 14 Feb 2001 19:24:52 +0100
Received: (qmail 77348 invoked by uid 1001); 14 Feb 2001 18:24:34 -0000
Date: Wed, 14 Feb 2001 12:24:33 -0600
From: Michael Lea <mlea@atomicbluebear.org>
To: Kris Kennaway <kris@obsecurity.org>
Cc: Rob Simmons <rsimmons@wlcg.com>, Ragnar Beer <rbeer@uni-goettingen.de>,
freebsd-security@FreeBSD.ORG
Subject: Re: security settings documentation
Message-ID: <20010214122432.A76375@core.atomicbluebear.org>
Mail-Followup-To: Kris Kennaway <kris@obsecurity.org>,
Rob Simmons <rsimmons@wlcg.com>,
Ragnar Beer <rbeer@uni-goettingen.de>, freebsd-security@FreeBSD.ORG
References: <p04330102b6b0697c0f5b@[134.76.136.114]> <Pine.BSF.4.21.0102141209460.15577-100000@mail.wlcg.com> <20010214092909.B72301@mollari.cthul.hu>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="nFreZHaLTZJo0R7j"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010214092909.B72301@mollari.cthul.hu>; from kris@obsecurity.org on Wed, Feb 14, 2001 at 09:29:09AM -0800
--nFreZHaLTZJo0R7j
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
On Wed, 14 Feb 2001, Kris Kennaway wrote:
> Then write up some documentation for us and send it to doc@freebsd.org
Somewhat terse, but here's a little "feature" matrix:
Fascist High Moderate Low
inetd NO NO YES YES
sendmail NO YES YES YES
sshd NO YES YES YES
portmap NO NO * YES
nfs_server NO NO ** ***
securelevel YES (2) YES (1) NO NO
Any other configuration setting are, as near as I can tell, left unchanged.
For details on securelevel, see the init(8) man page.
NOTES:
* Portmap is enabled if the machine has been configured as either an NFS
client or an NFS server earlier in the installation process.
** If the machine has been configured as an NFS server, NFS will only run
on a reserved port.
*** No changes are made to the NFS configuration.
- Mike
--nFreZHaLTZJo0R7j
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjqKzVwACgkQc9EFi4qQZEySTACgppRgyLkWRA+LJ7fIv8AYuM7T
W3UAoIQeTHPbvK2WXMzN2/tYYTPMIJpW
=TMdX
-----END PGP SIGNATURE-----
--nFreZHaLTZJo0R7j--
--============_-1229936418==_mr============--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p04330100b6b0a7b83e0a>