Date: Wed, 14 Feb 2001 23:21:28 -0800 From: "Crist J. Clark" <cjclark@reflexnet.net> To: Michael Lea <mlea@atomicbluebear.org> Cc: Kris Kennaway <kris@obsecurity.org>, Rob Simmons <rsimmons@wlcg.com>, Ragnar Beer <rbeer@uni-goettingen.de>, freebsd-security@FreeBSD.ORG Subject: Re: security settings documentation Message-ID: <20010214232128.S62368@rfx-216-196-73-168.users.reflex> In-Reply-To: <20010214122432.A76375@core.atomicbluebear.org>; from mlea@atomicbluebear.org on Wed, Feb 14, 2001 at 12:24:33PM -0600 References: <p04330102b6b0697c0f5b@[134.76.136.114]> <Pine.BSF.4.21.0102141209460.15577-100000@mail.wlcg.com> <20010214092909.B72301@mollari.cthul.hu> <20010214122432.A76375@core.atomicbluebear.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Feb 14, 2001 at 12:24:33PM -0600, Michael Lea wrote: > On Wed, 14 Feb 2001, Kris Kennaway wrote: > > > Then write up some documentation for us and send it to doc@freebsd.org > > Somewhat terse, but here's a little "feature" matrix: > > Fascist High Moderate Low > inetd NO NO YES YES > sendmail NO YES YES YES > sshd NO YES YES YES > portmap NO NO * YES > nfs_server NO NO ** *** > securelevel YES (2) YES (1) NO NO ^^^^^^^^^^^ ^^^ ^^^ Noooooooooooooooo! Setting securelevel is silly. We're just going to get a _lot_ of people wondering why they can't install a new kernel, load kernel modules, set ipfw rules sending messages to -questions, etc. But their boxes really aren't that much more secure. Without setting quite a few files schg, it does not really add much security. Effectively implementing securelevel(8) is non-trivial. Anyone who can do it is more than capable of figuring out how to turn it on. As for the other stuff, kewl. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010214232128.S62368>