Date: Wed, 07 Mar 2001 22:29:26 +1100
From: Kal Torak <kaltorak@quake.com.au>
Cc: FreeBSD-stable <freebsd-stable@freebsd.org>
Subject: Re: Security Level in Sysinstall
Message-ID: <3AA61B96.D9C91B5E@quake.com.au>
References: <3AA61689.D6E5CEF3@quake.com.au> <20010307031052.A38464@mollari.cthul.hu>

Kris Kennaway wrote:
>
> Check the -security archives for about 3 or 4 weeks ago -- someone
> posted a big list of all of the things which the security setting in
> sysinstall does, which will hopefully make its way into the Official
> Documentation at some point.

Thanks, just in case anyone else was wondering and couldn't find / be
bothered searching the security archives, I will post what the levels do
here... Since it is something that was only added in 4.2, I'm sure plenty
of people will wonder what it all does!

Extreme
=========================================================
Adds the following settings to /etc/rc.conf

inetd_enable="NO"
portmap_enable="NO"
sendmail_enable="NO"
sshd_enable="NO"
nfs_server_enable="NO"
kern_securelevel_enable="YES"
kern_securelevel="2"

At this level the following services are disabled:
inetd
portmap
sendmail
sshd
NFS

The kernel securelevels are enabled and raised to level 2
---------------------------------------------------------

High
=========================================================
Adds the following settings to /etc/rc.conf

inetd_enable="NO"
sendmail_enable="YES"
sshd_enable="YES"
portmap_enable="NO"
nfs_server_enable="NO"
kern_securelevel_enable="YES"
kern_securelevel="1"

At this level the following services are disabled:
inetd
portmap
NFS

Kernel securelevel is enabled and raised to level 1
---------------------------------------------------------

Medium
=========================================================
Adds the following settings to /etc/rc.conf

inetd_enable="YES"
sendmail_enable="YES"
sshd_enable="YES"

If the machine has been set up as an NFS client or server:
portmap_enable="YES"

If the machine has not been set up as an NFS server:
nfs_reserved_port_only="YES"

At this level the following services are enabled:
inetd
sendmail
sshd

Depending on whether the machine is set up as an NFS client or server:
Client: portmap
Server: portmap and NFS is only provided on a secure port

Kernel securelevel is not enabled
---------------------------------------------------------

Low
=========================================================
Adds the following settings to /etc/rc.conf

inetd_enable="YES"
sendmail_enable="YES"
portmap_enable="YES"
sshd_enable="YES"

At this level the following services are enabled:
inetd
sendmail
portmap
sshd

Kernel securelevel is not enabled
---------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
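
Added example (not part of the original message or of sysinstall): a small sh audit that compares an rc.conf-style file against the per-level settings listed in the message above and reports drift, such as a service re-enabled after install. The function names and the sample file are constructed for illustration, and Medium's NFS-dependent settings are left out because they depend on the machine's role.

```sh
# Settings the message lists for each sysinstall security level.
profile() {
    case "$1" in
    extreme) echo "inetd_enable=NO portmap_enable=NO sendmail_enable=NO sshd_enable=NO" \
                  "nfs_server_enable=NO kern_securelevel_enable=YES kern_securelevel=2" ;;
    high)    echo "inetd_enable=NO sendmail_enable=YES sshd_enable=YES portmap_enable=NO" \
                  "nfs_server_enable=NO kern_securelevel_enable=YES kern_securelevel=1" ;;
    medium)  echo "inetd_enable=YES sendmail_enable=YES sshd_enable=YES" ;;
    low)     echo "inetd_enable=YES sendmail_enable=YES portmap_enable=YES sshd_enable=YES" ;;
    *)       return 1 ;;
    esac
}

# rc_value FILE VAR: effective value of VAR. rc.conf is sourced as shell, so the
# last uncommented assignment wins; prints nothing when VAR is never assigned.
rc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# audit_level LEVEL FILE: one line per deviation, status 0 only on a full match.
# Assumption: an unassigned variable is reported, not looked up in the defaults.
audit_level() {
    want=$(profile "$1") || { echo "unknown level: $1" >&2; return 2; }
    bad=0
    for pair in $want; do
        var=${pair%%=*} exp=${pair#*=}
        got=$(rc_value "$2" "$var" | tr '[:lower:]' '[:upper:]')  # accept yes/YES
        if [ "$got" != "$exp" ]; then
            echo "$var: expected $exp, found ${got:-<unset>}"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample: a "High" install, inetd re-enabled later, securelevel commented out.
sample_rc_conf() {
    cat <<'EOF'
inetd_enable="NO"
sendmail_enable="YES"
sshd_enable="YES"
portmap_enable="NO"
nfs_server_enable="NO"
kern_securelevel_enable="YES"
#kern_securelevel="1"
inetd_enable="YES"   # added later for ftpd
EOF
}
```

On a live host, `audit_level high /etc/rc.conf` checks the configured state; `sysctl kern.securelevel` shows the securelevel the running kernel is actually at.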