Date: Tue, 31 Mar 2026 16:49:16 +0000 From: bugzilla-noreply@freebsd.org To: doc@FreeBSD.org Subject: [Bug 294167] Handbook Security chapter does not mention "hardening" Message-ID: <bug-294167-9@https.bugs.freebsd.org/bugzilla/>
index | next in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294167 Bug ID: 294167 Summary: Handbook Security chapter does not mention "hardening" Product: Documentation Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Books & Articles Assignee: doc@FreeBSD.org Reporter: bigsneaky@duck.com "Security" (Chapter 16) does not include the keyword "harden" or "hardening". https://github.com/freebsd/freebsd-doc/blob/main/documentation/content/en/books/handbook/security/_index.adoc "Installing FreeBSD" (Chapter 2) covers hardening options available during install: https://github.com/freebsd/freebsd-doc/blob/main/documentation/content/en/books/handbook/bsdinstall/_index.adoc#85-enabling-hardening-security-options These options are set by the hardening script: https://github.com/freebsd/freebsd-src/blob/main/usr.sbin/bsdinstall/scripts/hardening Logically, system hardening fits the "Security" chapter so the bsdinstall options should be mentioned. But this is of limited use post-install. While possible (albeit undocumented, bug #294148) to do # bsdinstall hardening this surely shouldn't be recommended due to limitations of the script (doesn't show if option already enabled, only writes to config files to enable not disable, writes repeatedly when run a second time, etc). Far better would be to explain how to enable - and disable - these hardening options, and perhaps others, manually. Config (Chapter 14) comes before Security (Chapter 16) so there's no need to explain "how to edit a config file", just which edits to make. (Note Config doesn't mention "harden[ing]" either.) https://github.com/freebsd/freebsd-doc/blob/main/documentation/content/en/books/handbook/config/_index.adoc A complete resolution would add a cross-reference in the bsdinstall chapter's "Enabling Hardening Security Options" section to the relevant part (likely a new "System Hardening" section) of the Security chapter, for further information on the hardening options and how to enable/disable post-install. -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-294167-9>