cvs commit: src/usr.sbin/sysinstall config.c

Robert Watson rwatson at FreeBSD.org
Sat Sep 27 22:21:24 PDT 2003


rwatson     2003/09/27 22:21:23 PDT

  FreeBSD src repository

  Modified files:
    usr.sbin/sysinstall  config.c 
  Log:
  Tweak "system security profiles:
  
  (1) Don't modify the configuration of the NFS server as a result of
      selecting a profile.  We already explicitly prompt for the NFS
      server configuration during install, and the user may not get
      much advance notice that we're turning it off again.  Instead,
      use profiles (for better or for worse) only for security tuning.
  
  (2) Don't modify the sendmail setting as part of the security profile:
      use the default from /etc/defaults/rc.conf rather than explicitly
      specifying.  Note that the default in /etc/defaults/rc.conf is
      more conservative than the explicit rc.conf entry added by
      sysinstall during install, as it does not permit SMTP delivery.
  
  (3) Update "congratulations on your profile" text to reflect these
      changes.
  
  Note that security profiles now affect only the securelevel and sshd
  settings.  My leaning would be to make sshd an explicit configuration
  option, move securelevels to the security menu, and drop security
  profiles entirely.  However, that requires more plumbing of sendmail
  than I'm currently willing to invest.
  
  We may want to add a "permit SMTP delivery" question to the install
  process.
  
  Revision  Changes    Path
  1.216     +4 -7      src/usr.sbin/sysinstall/config.c


More information about the cvs-src mailing list