From owner-freebsd-security  Wed Feb 14 22:27:31 2001
Delivered-To: freebsd-security@freebsd.org
Received: from winston.osd.bsdi.com (winston.osd.bsdi.com [204.216.27.229])
	by hub.freebsd.org (Postfix) with ESMTP id BC24A37B491
	for <freebsd-security@FreeBSD.ORG>; Wed, 14 Feb 2001 22:27:28 -0800 (PST)
Received: from winston.osd.bsdi.com (jkh@localhost [127.0.0.1])
	by winston.osd.bsdi.com (8.11.2/8.11.1) with ESMTP id f1F6QxH90508;
	Wed, 14 Feb 2001 22:27:00 -0800 (PST)
	(envelope-from jkh@winston.osd.bsdi.com)
To: Michael Lea <mlea@atomicbluebear.org>
Cc: Kris Kennaway <kris@obsecurity.org>,
	Rob Simmons <rsimmons@wlcg.com>,
	Ragnar Beer <rbeer@uni-goettingen.de>, freebsd-security@FreeBSD.ORG
Subject: Re: security settings documentation 
In-Reply-To: Message from Michael Lea <mlea@atomicbluebear.org> 
   of "Wed, 14 Feb 2001 12:24:33 CST." <20010214122432.A76375@core.atomicbluebear.org> 
Date: Wed, 14 Feb 2001 22:26:59 -0800
Message-ID: <90504.982218419@winston.osd.bsdi.com>
From: Jordan Hubbard <jkh@winston.osd.bsdi.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

This looks like a really good start for at least a one-pager inside of
sysinstall which comes up when the user hits F1 at the appropriate
menu.  I'll see what I can turn it into.

- Jordan

> 
> --nFreZHaLTZJo0R7j
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: inline
> 
> On Wed, 14 Feb 2001, Kris Kennaway wrote:
> 
> > Then write up some documentation for us and send it to doc@freebsd.org
> 
> Somewhat terse, but here's a little "feature" matrix:
> 
>                Fascist        High           Moderate       Low
> inetd          NO             NO             YES            YES
> sendmail       NO             YES            YES            YES
> sshd           NO             YES            YES            YES
> portmap        NO             NO             *              YES
> nfs_server     NO             NO             **             ***
> securelevel    YES (2)        YES (1)        NO             NO
> 
> Any other configuration setting are, as near as I can tell, left unchanged.
> For details on securelevel, see the init(8) man page.
> 
> NOTES:
> *   Portmap is enabled if the machine has been configured as either an NFS
>     client or an NFS server earlier in the installation process.
> **  If the machine has been configured as an NFS server, NFS will only run
>     on a reserved port.
> *** No changes are made to the NFS configuration.
> 
> - Mike
> 
> --nFreZHaLTZJo0R7j
> Content-Type: application/pgp-signature
> Content-Disposition: inline
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.4 (FreeBSD)
> Comment: For info see http://www.gnupg.org
> 
> iEYEARECAAYFAjqKzVwACgkQc9EFi4qQZEySTACgppRgyLkWRA+LJ7fIv8AYuM7T
> W3UAoIQeTHPbvK2WXMzN2/tYYTPMIJpW
> =TMdX
> -----END PGP SIGNATURE-----
> 
> --nFreZHaLTZJo0R7j--
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-doc" in the body of the message



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message