From owner-cvs-src@FreeBSD.ORG  Sat Sep 27 22:21:24 2003
Return-Path: <owner-cvs-src@FreeBSD.ORG>
Delivered-To: cvs-src@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id B7A7116A4B3; Sat, 27 Sep 2003 22:21:24 -0700 (PDT)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 44D6043FF2; Sat, 27 Sep 2003 22:21:24 -0700 (PDT)
	(envelope-from rwatson@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.12.9/8.12.9) with ESMTP id h8S5LOXJ011441;
	Sat, 27 Sep 2003 22:21:24 -0700 (PDT)
	(envelope-from rwatson@repoman.freebsd.org)
Received: (from rwatson@localhost)
	by repoman.freebsd.org (8.12.9/8.12.9/Submit) id h8S5LNvM011440;
	Sat, 27 Sep 2003 22:21:23 -0700 (PDT)
	(envelope-from rwatson)
Message-Id: <200309280521.h8S5LNvM011440@repoman.freebsd.org>
From: Robert Watson <rwatson@FreeBSD.org>
Date: Sat, 27 Sep 2003 22:21:23 -0700 (PDT)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org,
	cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/usr.sbin/sysinstall config.c
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Sep 2003 05:21:24 -0000

rwatson     2003/09/27 22:21:23 PDT

  FreeBSD src repository

  Modified files:
    usr.sbin/sysinstall  config.c 
  Log:
  Tweak "system security profiles:
  
  (1) Don't modify the configuration of the NFS server as a result of
      selecting a profile.  We already explicitly prompt for the NFS
      server configuration during install, and the user may not get
      much advance notice that we're turning it off again.  Instead,
      use profiles (for better or for worse) only for security tuning.
  
  (2) Don't modify the sendmail setting as part of the security profile:
      use the default from /etc/defaults/rc.conf rather than explicitly
      specifying.  Note that the default in /etc/defaults/rc.conf is
      more conservative than the explicit rc.conf entry added by
      sysinstall during install, as it does not permit SMTP delivery.
  
  (3) Update "congratulations on your profile" text to reflect these
      changes.
  
  Note that security profiles now affect only the securelevel and sshd
  settings.  My leaning would be to make sshd an explicit configuration
  option, move securelevels to the security menu, and drop security
  profiles entirely.  However, that requires more plumbing of sendmail
  than I'm currently willing to invest.
  
  We may want to add a "permit SMTP delivery" question to the install
  process.
  
  Revision  Changes    Path
  1.216     +4 -7      src/usr.sbin/sysinstall/config.c