diff options
| -rw-r--r-- | release/sysinstall/config.c | 10 | ||||
| -rw-r--r-- | release/sysinstall/help/security.hlp | 21 | ||||
| -rw-r--r-- | release/sysinstall/menus.c | 4 |
3 files changed, 28 insertions, 7 deletions
diff --git a/release/sysinstall/config.c b/release/sysinstall/config.c index f3c8fe7e8a1f..39208e818813 100644 --- a/release/sysinstall/config.c +++ b/release/sysinstall/config.c @@ -553,8 +553,8 @@ configSecurityModerate(dialogMenuItem *self) "mechanisms like inetd(8) have been enabled by default\n" "for a comfortable user experience but with possible\n" "trade-offs in system security. If this bothers you and\n" - "you know exactly what you are doing, select the high\n" - "high security profile instead.\n\n" + "you know exactly what you are doing, select one of the\n" + "other security profiles instead.\n\n" "To change any of these settings later, edit /etc/rc.conf"); restorescr(w); @@ -576,9 +576,9 @@ configSecurityLiberal(dialogMenuItem *self) "This means that most \"popular\" network services and\n" "mechanisms like inetd(8) have been enabled by default\n" "for the most comfortable user experience but with possible\n" - "trade-offs in system security. If this bothers you, select\n" - "the medium security profile or, if you know exactly what you\n" - "are doing, the high security profile instead.\n\n" + "trade-offs in system security. If this bothers you and\n" + "you know exactly what you are doing, select one of the\n" + "other security profiles instead.\n\n" "To change any of these settings later, edit /etc/rc.conf"); restorescr(w); diff --git a/release/sysinstall/help/security.hlp b/release/sysinstall/help/security.hlp new file mode 100644 index 000000000000..31b421b33654 --- /dev/null +++ b/release/sysinstall/help/security.hlp @@ -0,0 +1,21 @@ +Please see the FreeBSD FAQ for more detailed information on security +profiles. The following table is intended to give you a rough idea just +which services are enabled (or disabled) by each of the canned security +profiles: + + Fascist High Moderate Low + ------- ---- -------- --- +inetd NO NO YES YES +sendmail NO YES YES YES +sshd NO YES YES YES +portmap NO NO * YES +nfs_server NO NO ** *** +securelevel YES (2) YES (1) NO NO + + +NOTES: +* Portmap is enabled if the machine has been configured as either an NFS + client or an NFS server earlier in the installation process. +** If the machine has been configured as an NFS server, NFS will only run + on a reserved port. +*** No changes are made to the NFS configuration. diff --git a/release/sysinstall/menus.c b/release/sysinstall/menus.c index 9bd07f4878c6..e59631e7aab2 100644 --- a/release/sysinstall/menus.c +++ b/release/sysinstall/menus.c @@ -1604,8 +1604,8 @@ DMenu MenuSecurityProfile = { "Each item in this list will set what it considers to\n" "be \"appropriate\" values in that category for various\n" "security-related knobs in /etc/rc.conf.", - "Select a canned security profile.", - NULL, + "Select a canned security profile - F1 for help", + "security", /* help file */ { { "X Exit", "Exit this menu (returning to previous)", NULL, configSecurityModerate }, { "Low", "Fairly wide-open (little) security.", NULL, configSecurityLiberal }, { "Medium", "Moderate security settings [DEFAULT].", NULL, configSecurityModerate }, |