Date: Fri, 22 Sep 2000 21:40:04 +0200 From: Neil Blakey-Milner <nbm@mithrandr.moria.org> To: Brett Glass <brett@lariat.org> Cc: Wes Peters <wes@softweyr.com>, security@FreeBSD.ORG Subject: Re: sysinstall DOESN'T ASK, dangerous defaults! (Was: Re: wats so special about freeBSD?) Message-ID: <20000922214004.A33011@mithrandr.moria.org> In-Reply-To: <4.3.2.7.2.20000922122414.00c7c420@localhost>; from brett@lariat.org on Fri, Sep 22, 2000 at 12:25:20PM -0600 References: <200009221435.e8MEZCs11279@cwsys.cwsent.com> <20000922160123.A29787@mithrandr.moria.org> <200009221435.e8MEZCs11279@cwsys.cwsent.com> <20000922165725.A30364@mithrandr.moria.org> <4.3.2.7.2.20000922122414.00c7c420@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri 2000-09-22 (12:25), Brett Glass wrote: > No; the LACK of certain things in the default install and in sysinstall > leads to tedious work. It'd be nice to do it once and for all. If you could be so kind as to check out sysinstall and test out jkh's new security config levels, your feedback would be appreciated. High security does: + variable_set2("inetd_enable", "NO", 1); + variable_set2("portmap_enable", "NO", 1); + variable_set2("sendmail_enable", "NO", 1); + variable_set2("sshd_enable", "NO", 1); + variable_set2("nfs_server_enable", "NO", 1); + variable_set2("kern_securelevel_enable", "YES", 1); + variable_set2("kern_securelevel", "2", 1); Medium: + variable_set2("inetd_enable", "YES", 1); + if (!variable_cmp("nfs_client_enable", "YES") || + !variable_cmp("nfs_server_enable", "YES")) + variable_set2("portmap_enable", "YES", 1); + if (!variable_cmp("nfs_server_enable", "YES")) + variable_set2("nfs_reserved_port_only", "YES", 1); + variable_set2("sendmail_enable", "YES", 1); + variable_set2("sshd_enable", "YES", 1); Liberal: + variable_set2("inetd_enable", "YES", 1); + variable_set2("portmap_enable", "YES", 1); + variable_set2("sendmail_enable", "YES", 1); + variable_set2("sshd_enable", "YES", 1); Neil -- Neil Blakey-Milner Sunesi Clinical Systems nbm@mithrandr.moria.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000922214004.A33011>