Date: Sat, 27 Sep 2003 22:21:23 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/usr.sbin/sysinstall config.c Message-ID: <200309280521.h8S5LNvM011440@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2003/09/27 22:21:23 PDT
FreeBSD src repository
Modified files:
usr.sbin/sysinstall config.c
Log:
Tweak "system security profiles:
(1) Don't modify the configuration of the NFS server as a result of
selecting a profile. We already explicitly prompt for the NFS
server configuration during install, and the user may not get
much advance notice that we're turning it off again. Instead,
use profiles (for better or for worse) only for security tuning.
(2) Don't modify the sendmail setting as part of the security profile:
use the default from /etc/defaults/rc.conf rather than explicitly
specifying. Note that the default in /etc/defaults/rc.conf is
more conservative than the explicit rc.conf entry added by
sysinstall during install, as it does not permit SMTP delivery.
(3) Update "congratulations on your profile" text to reflect these
changes.
Note that security profiles now affect only the securelevel and sshd
settings. My leaning would be to make sshd an explicit configuration
option, move securelevels to the security menu, and drop security
profiles entirely. However, that requires more plumbing of sendmail
than I'm currently willing to invest.
We may want to add a "permit SMTP delivery" question to the install
process.
Revision Changes Path
1.216 +4 -7 src/usr.sbin/sysinstall/config.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200309280521.h8S5LNvM011440>