aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDima Dorfman <dd@FreeBSD.org>2001-08-31 16:14:25 +0000
committerDima Dorfman <dd@FreeBSD.org>2001-08-31 16:14:25 +0000
commit347fa35657a3fe6bc6a2b936b2179bf18608e851 (patch)
treebc422ae97fbb5c2c74398a90df3019a5160b6f72
parentdd93ac6342e406af2f39efb1cd41505b07bce171 (diff)
downloaddoc-347fa35657a3fe6bc6a2b936b2179bf18608e851.tar.gz
doc-347fa35657a3fe6bc6a2b936b2179bf18608e851.zip
Update the question about sysinstall security profiles to reflect
reality. Also fix some bad grammar. PR: 30203 Submitted by: Michael Lucas <mwlucas@blackhelicopters.org>
Notes
Notes: svn path=/head/; revision=10512
-rw-r--r--en_US.ISO8859-1/books/faq/book.sgml62
1 files changed, 14 insertions, 48 deletions
diff --git a/en_US.ISO8859-1/books/faq/book.sgml b/en_US.ISO8859-1/books/faq/book.sgml
index b17efb704c..2218c579bb 100644
--- a/en_US.ISO8859-1/books/faq/book.sgml
+++ b/en_US.ISO8859-1/books/faq/book.sgml
@@ -17,7 +17,7 @@
<corpauthor>The FreeBSD Documentation Project</corpauthor>
- <pubdate>$FreeBSD: doc/en_US.ISO8859-1/books/faq/book.sgml,v 1.256 2001/08/19 18:51:53 jim Exp $</pubdate>
+ <pubdate>$FreeBSD: doc/en_US.ISO8859-1/books/faq/book.sgml,v 1.257 2001/08/23 22:06:11 dd Exp $</pubdate>
<copyright>
<year>1995</year>
@@ -2178,52 +2178,37 @@ Filesystem 1024-blocks Used Avail Capacity Mounted on
<para>A <quote>security profile</quote> is a set of configuration
options that attempts to achieve the desired ratio of security
to convenience by enabling and disabling certain programs and
- other settings. The more severe the security profile, the less
- programs will be enabled by default; this is one of the basic
- principles of security: do not run anything except what you
- must.</para>
+ other settings. The more severe the security profile, the fewer
+ programs will be enabled by
+ default. This is one of the basic principles of security:
+ do not run anything except what you must.</para>
<para>Please note that the security profile is just a default
setting. All programs can be enabled and disabled after you have
installed FreeBSD by editing or adding the appropriate line(s)
- to <filename>/etc/rc.conf</filename>. For more information on
- the latter, please see the &man.rc.conf.5; manual page.</para>
+ to <filename>/etc/rc.conf</filename>. For more information,
+ please see the &man.rc.conf.5; manual page.</para>
- <para>Following is a table that describes what each security
- profile does. The columns are the choices you have for a
- security profile, and the rows are the program or feature that
- is enabled or disabled.</para>
+ <para>The following table describes what each of the
+ security profiles do. The columns are the choices you
+ have for a security profile, and the rows are the program
+ or feature that the profile enables or disables.</para>
<table>
<title>Possible security profiles</title>
- <tgroup cols=5>
+ <tgroup cols=3>
<thead>
<row>
<entry></entry>
<entry>Extreme</entry>
- <entry>High</entry>
-
<entry>Moderate</entry>
-
- <entry>Low</entry>
</row>
</thead>
<tbody>
- <row>
- <entry>&man.inetd.8;</entry>
-
- <entry>NO</entry>
-
- <entry>NO</entry>
-
- <entry>YES</entry>
-
- <entry>YES</entry>
- </row>
<row>
<entry>&man.sendmail.8;</entry>
@@ -2231,10 +2216,6 @@ Filesystem 1024-blocks Used Avail Capacity Mounted on
<entry>NO</entry>
<entry>YES</entry>
-
- <entry>YES</entry>
-
- <entry>YES</entry>
</row>
<row>
@@ -2243,10 +2224,6 @@ Filesystem 1024-blocks Used Avail Capacity Mounted on
<entry>NO</entry>
<entry>YES</entry>
-
- <entry>YES</entry>
-
- <entry>YES</entry>
</row>
<row>
@@ -2254,8 +2231,6 @@ Filesystem 1024-blocks Used Avail Capacity Mounted on
<entry>NO</entry>
- <entry>NO</entry>
-
<entry>MAYBE <footnote>
<para>The portmapper is enabled if the machine has been
configured as an NFS client or server earlier in the
@@ -2263,7 +2238,6 @@ Filesystem 1024-blocks Used Avail Capacity Mounted on
</footnote>
</entry>
- <entry>YES</entry>
</row>
<row>
@@ -2271,10 +2245,6 @@ Filesystem 1024-blocks Used Avail Capacity Mounted on
<entry>NO</entry>
- <entry>NO</entry>
-
- <entry>YES</entry>
-
<entry>YES</entry>
</row>
@@ -2291,10 +2261,6 @@ Filesystem 1024-blocks Used Avail Capacity Mounted on
</footnote>
</entry>
- <entry>YES (1)</entry>
-
- <entry>NO</entry>
-
<entry>NO</entry>
</row>
</tbody>
@@ -2302,8 +2268,8 @@ Filesystem 1024-blocks Used Avail Capacity Mounted on
</table>
<warning>
- <para>The security profile is not a silver bullet! Setting
- it high does not mean you do not have to keep up with security
+ <para>The security profile is not a silver bullet! Even if you use the
+ extreme setting, you need to keep up with security
issues by reading an appropriate <ulink
url="../handbook/eresources.html#ERESOURCES-MAIL">mailing
list</ulink>, using good passwords and passphrases, and