Date:      Fri, 22 Sep 2000 21:40:04 +0200
From:      Neil Blakey-Milner <nbm@mithrandr.moria.org>
To:        Brett Glass <brett@lariat.org>
Cc:        Wes Peters <wes@softweyr.com>, security@FreeBSD.ORG
Subject:   Re: sysinstall DOESN'T ASK, dangerous defaults! (Was: Re: wats so special about freeBSD?)
Message-ID:  <20000922214004.A33011@mithrandr.moria.org>
In-Reply-To: <4.3.2.7.2.20000922122414.00c7c420@localhost>; from brett@lariat.org on Fri, Sep 22, 2000 at 12:25:20PM -0600
References:  <200009221435.e8MEZCs11279@cwsys.cwsent.com> <20000922160123.A29787@mithrandr.moria.org> <200009221435.e8MEZCs11279@cwsys.cwsent.com> <20000922165725.A30364@mithrandr.moria.org> <4.3.2.7.2.20000922122414.00c7c420@localhost>

On Fri 2000-09-22 (12:25), Brett Glass wrote:
> No; the LACK of certain things in the default install and in sysinstall
> leads to tedious work. It'd be nice to do it once and for all.

If you could be so kind as to check out sysinstall and test out jkh's
new security config levels, your feedback would be appreciated.

High security does:
+    variable_set2("inetd_enable", "NO", 1);
+    variable_set2("portmap_enable", "NO", 1);
+    variable_set2("sendmail_enable", "NO", 1);
+    variable_set2("sshd_enable", "NO", 1);
+    variable_set2("nfs_server_enable", "NO", 1);
+    variable_set2("kern_securelevel_enable", "YES", 1);
+    variable_set2("kern_securelevel", "2", 1);
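
Review bot: the High block forces portmap_enable to NO and clears nfs_server_enable, but it never looks at nfs_client_enable, which the Medium block treats as a reason to run portmap. A system that already has nfs_client_enable set to YES would end up configured as an NFS client with no portmapper. Either set nfs_client_enable to NO here as well or keep portmap conditional on it. A comment stating what kern_securelevel 2 restricts would also help, since both inetd and sshd are turned off in the same block and the person installing gets no hint of what the level implies after reboot.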

Medium:
+    variable_set2("inetd_enable", "YES", 1);
+    if (!variable_cmp("nfs_client_enable", "YES") ||
+       !variable_cmp("nfs_server_enable", "YES"))
+       variable_set2("portmap_enable", "YES", 1);
+    if (!variable_cmp("nfs_server_enable", "YES"))
+       variable_set2("nfs_reserved_port_only", "YES", 1);
+    variable_set2("sendmail_enable", "YES", 1);
+    variable_set2("sshd_enable", "YES", 1);
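
Review bot: the two conditional assignments have no else branch, so portmap_enable and nfs_reserved_port_only keep whatever value they had before this code runs. If variable_cmp() returns 0 on a match, as the negation suggests, then with neither NFS variable set to YES a user who picks Liberal and then changes to Medium still ends up with portmap_enable set to YES. Setting both variables to NO explicitly when the condition fails would make the resulting configuration depend only on the chosen level.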

Liberal:
+    variable_set2("inetd_enable", "YES", 1);
+    variable_set2("portmap_enable", "YES", 1);
+    variable_set2("sendmail_enable", "YES", 1);
+    variable_set2("sshd_enable", "YES", 1);
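
Review bot: nothing here (or in the Medium block) resets kern_securelevel_enable or kern_securelevel, so choosing High first and then changing to Liberal leaves securelevel 2 enabled. Set kern_securelevel_enable to NO explicitly at this level. Separately, portmap_enable is forced to YES unconditionally, whereas Medium only enables it when NFS is in use; if that difference is intended, a comment saying so would help.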

Neil
-- 
Neil Blakey-Milner
Sunesi Clinical Systems
nbm@mithrandr.moria.org

