1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-16 10:20:30 +00:00
freebsd/usr.sbin
Robert Watson 4880db4afd Tweak "system security profiles:
(1) Don't modify the configuration of the NFS server as a result of
    selecting a profile.  We already explicitly prompt for the NFS
    server configuration during install, and the user may not get
    much advance notice that we're turning it off again.  Instead,
    use profiles (for better or for worse) only for security tuning.

(2) Don't modify the sendmail setting as part of the security profile:
    use the default from /etc/defaults/rc.conf rather than explicitly
    specifying.  Note that the default in /etc/defaults/rc.conf is
    more conservative than the explicit rc.conf entry added by
    sysinstall during install, as it does not permit SMTP delivery.

(3) Update "congratulations on your profile" text to reflect these
    changes.

Note that security profiles now affect only the securelevel and sshd
settings.  My leaning would be to make sshd an explicit configuration
option, move securelevels to the security menu, and drop security
profiles entirely.  However, that requires more plumbing of sendmail
than I'm currently willing to invest.

We may want to add a "permit SMTP delivery" question to the install
process.
2003-09-28 05:21:23 +00:00
..
ac Remove unused #includes. Eliminate castings by using size_t instead of int. 2002-10-17 13:19:47 +00:00
accton Use __FBSDID over rcsid[]. Protect copyright[] where needed. 2003-05-03 21:06:42 +00:00
acpi Only print an end '}' if the field was non-zero (i.e. there were some flags 2003-09-21 03:51:48 +00:00
adduser mdoc(7): Properly mark C headers. 2003-09-10 19:24:35 +00:00
amd Sync with fresh generated file, keep our changed settings. This seems 2003-09-02 17:38:30 +00:00
ancontrol - Add support for Cisco latest firmware RID sizes that supports 25 SSIDs! 2003-08-20 03:46:05 +00:00
apm Remove the zzz files since they have been moved to src/usr.sbin/zzz 2003-07-14 16:32:45 +00:00
apmd - Set close on exec flag for device file descriptors. 2003-06-22 05:57:34 +00:00
arp Implement a new option: -i, which will allow to limit 2003-07-18 13:48:06 +00:00
asf Add -s option to strip subdirectory from module path. 2003-09-25 07:56:48 +00:00
atm Use a size_t for variables that need to hold buffer lengths. 2003-07-29 13:40:52 +00:00
bluetooth Account for the fact that "buildworld" builds in the 'obj' tree 2003-06-24 18:45:22 +00:00
boot0cfg Get rid of duplicates. 2003-09-14 13:41:59 +00:00
boot98cfg s/DIOCGPC98/DIOCSPC98/ 2003-05-02 14:55:42 +00:00
bootparamd fix problem with uninitalized ptr (from PR) 2003-06-20 04:54:27 +00:00
btxld Make this work on different endianness machines. 2003-03-11 13:48:58 +00:00
burncd Fix "write from stdin". 2003-07-26 12:14:58 +00:00
cdcontrol Retire 'c' partition for a CD device. 2003-09-01 12:50:02 +00:00
chkgrp Warn if there is no newline at the end of the group file. 2003-06-06 07:10:39 +00:00
chown Use uid_t. 2003-09-07 16:43:53 +00:00
chroot Allow the optional setting of a user, primary group, or grouplist 2003-06-07 10:56:12 +00:00
ckdist - Align the function prototype of the external `crc' function with 2003-03-13 23:34:18 +00:00
config Add a reference to config(5) in the SEE ALSO section. 2003-08-06 21:41:35 +00:00
cron Fix a coredump that would occur when fdopen was unable to 2003-06-19 20:04:51 +00:00
crunch Fix a bug that caused i386 to produce broken binaries for big-endian 2003-08-08 15:44:17 +00:00
ctm No need to define externs for getopt interface. 2003-08-07 05:47:49 +00:00
daemon add FBSDID 2003-07-06 12:44:11 +00:00
devinfo -v now also prints the pnpinfo and location information for the devices 2003-02-17 18:56:54 +00:00
digictl style.Makefile(5) 2003-04-04 17:49:21 +00:00
diskinfo Assorted mdoc(7) fixes. 2003-05-31 18:07:09 +00:00
editmap Remove MAINTAINER= lines from individual Makefiles in favor of the 2003-07-07 03:54:04 +00:00
edquota mdoc(7): Properly mark C headers. 2003-09-10 19:24:35 +00:00
elf2exe
extattr Update lsextattr(8) to use the new extattr_list_*() APIs, rather than 2003-06-05 04:30:00 +00:00
extattrctl When giving examples of how to use extattrctl(8) to configure UFS1 2003-05-14 20:31:06 +00:00
faithd Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup, 2003-01-01 18:49:04 +00:00
fdcontrol Grammar tweaking. "has been" is very often not as good as "is" or "was". 2003-07-06 18:27:23 +00:00
fdformat
fdread
fdwrite
fwcontrol Add -p option to dump phy registers. 2003-09-25 09:33:16 +00:00
getfmac sigh... revert the previous change; this isn't getpmac 2003-01-15 03:13:51 +00:00
getpmac mdoc(7) police: Scheduled sweep. 2003-02-24 22:53:26 +00:00
gstat Sigh, I guess this manpage used cat(1) as a template? 2003-05-31 18:19:50 +00:00
i4b Get rid of duplicates. 2003-09-14 13:41:59 +00:00
ifmcstat style.Makefile(5) 2003-04-04 17:49:21 +00:00
inetd Move my inetd maintainer note to src/MAINTAINERS. 2003-07-15 16:52:22 +00:00
iostat Remove MAINTAINER= lines in the makefiles for camcontrol, iostat, libcam 2003-06-14 05:28:01 +00:00
ipftest Move my maintainership of parts of ipfilter back to Darren Reed 2003-06-06 11:30:50 +00:00
ipresend Move my maintainership of parts of ipfilter back to Darren Reed 2003-06-06 11:30:50 +00:00
ipsend Move my maintainership of parts of ipfilter back to Darren Reed 2003-06-06 11:30:50 +00:00
iptest Move my maintainership of parts of ipfilter back to Darren Reed 2003-06-06 11:30:50 +00:00
IPXrouted The .Xr utility 2003-06-08 14:06:45 +00:00
jail add FBSDID 2003-07-06 12:44:11 +00:00
jexec Make jexec duplicate the actions of the shell searching for an 2003-07-04 19:14:27 +00:00
jls IP addresses can be up to 15 characters long, not 12. 2003-04-22 13:24:56 +00:00
kbdcontrol Use __FBSDID over rcsid[]. Protect copyright[] where needed. 2003-05-03 21:06:42 +00:00
kbdmap mdoc(7) police: bump document date for the C rewrite, nit. 2002-12-04 14:45:48 +00:00
kernbb Use __FBSDID over rcsid[]. Protect copyright[] where needed. 2003-05-03 21:06:42 +00:00
keyserv Use arc4random() instead of random() when generating the master key. 2003-02-18 01:35:58 +00:00
kgmon Use correct item to track max width of list 2003-03-24 20:55:28 +00:00
kgzip Remove uneeded cast. 2003-06-11 21:37:19 +00:00
kldxref style.Makefile(5) 2003-04-04 17:49:21 +00:00
lastlogin
lpr Minimal update to make it easier to increase the buffer-size lpd uses 2003-08-21 03:43:48 +00:00
lptcontrol Use __FBSDID over rcsid[]. Protect copyright[] where needed. 2003-05-03 21:06:42 +00:00
mailstats Remove MAINTAINER= lines from individual Makefiles in favor of the 2003-07-07 03:54:04 +00:00
mailwrapper add FBSDID 2003-07-06 12:44:11 +00:00
makemap Remove MAINTAINER= lines from individual Makefiles in favor of the 2003-07-07 03:54:04 +00:00
manctl
memcontrol mdoc(7) police: markup fixes. 2002-11-27 15:31:08 +00:00
mergemaster Use the actual build target (all), since relying on the build as a 2003-08-04 10:23:45 +00:00
mixer Document changes to default output. 2003-06-15 08:46:36 +00:00
mld6query
mlxcontrol
mount_nwfs Make this 64 bit clean. Use size_t for sysctl() length pointer args. 2003-07-25 20:56:57 +00:00
mount_portalfs Correct paths to mount sources. 2003-07-02 16:43:14 +00:00
mount_smbfs Correct paths to mount sources. 2003-07-02 16:43:14 +00:00
mountd When reporting errors binding IPv6 TCP sockets, don't call them UDP 2003-07-17 10:11:26 +00:00
moused Add section number to .Xr 2003-06-08 14:04:49 +00:00
mptable Don't need to redundantly redeclare optreset. 2003-06-07 18:33:18 +00:00
mrouted Get rid of duplicates. 2003-09-14 13:41:59 +00:00
mtest add FBSDID 2003-07-06 12:44:11 +00:00
mtree Get rid of duplicates. 2003-09-14 13:41:59 +00:00
named LANG->LC_ALL 2003-08-04 21:31:53 +00:00
named.reload
named.restart
ndc style.Makefile(5) 2003-04-04 17:49:21 +00:00
ndp introduced a flag bit "ND6_IFF_ACCEPT_RTADV" in the nd_ifinfo structure to 2003-08-05 14:57:11 +00:00
newsyslog Restructure the time processing routines, mainly to fix up the 2003-09-23 00:00:26 +00:00
nfsd style.Makefile(5) 2003-04-04 17:49:21 +00:00
ngctl Add missing "of". 2002-12-14 00:20:43 +00:00
nghook add FBSDID, compare getopt() against -1, use fprintf() + exit() in usage() 2003-08-17 09:06:08 +00:00
nologin
nslookup style.Makefile(5) 2003-04-04 17:49:21 +00:00
nsupdate
ntp Xref police: ntp.conf(8) -> ntp.conf(5). 2003-06-17 09:51:17 +00:00
ofwdump Autosize the property buffer instead of limiting it to 8192, and 2003-06-11 18:44:26 +00:00
pccard Go ahead and allow ports as high as 0xfff to be used for pccard 2003-08-03 06:17:06 +00:00
pciconf make pciconf understand it's own output as stated in the manpage. 2003-06-20 23:59:25 +00:00
pcvt Call exit(0), not exit. 2003-04-29 19:53:00 +00:00
periodic
pkg_install Clarify the order of arguments passed to the pre-/post-install script 2003-08-26 14:49:11 +00:00
pnpinfo style.Makefile(5) 2003-04-04 17:49:21 +00:00
ppp Add Cisco Skinny Station protocol support to libalias, natd, and ppp. 2003-09-23 07:41:55 +00:00
pppctl add FBSDID 2003-07-06 12:44:11 +00:00
pppd Don't check for the existance of src/crypto/ for building items that 2003-07-24 18:30:25 +00:00
pppstats
praliases Remove MAINTAINER= lines from individual Makefiles in favor of the 2003-07-07 03:54:04 +00:00
procctl Use __FBSDID over rcsid[]. Protect copyright[] where needed. 2003-05-03 21:06:42 +00:00
pstat Remove options processing for dumping swapdevice radix map. 2003-07-31 21:20:08 +00:00
pw mdoc(7): Use the new feature of the .In macro. 2003-09-08 19:57:22 +00:00
pwd_mkdb Use __FBSDID over rcsid[]. Protect copyright[] where needed. 2003-05-03 21:06:42 +00:00
quot Use __FBSDID over rcsid[]. Protect copyright[] where needed. 2003-05-03 21:06:42 +00:00
quotaon Use __FBSDID over rcsid[]. Protect copyright[] where needed. 2003-05-03 21:06:42 +00:00
rarpd Make it clear that -a flag and interface parameter are mutually exclusive 2003-08-16 22:23:16 +00:00
raycontrol update for 802.11 support 2003-06-28 06:19:37 +00:00
repquota Add support for a -n argument which displays user and group IDs 2003-07-07 21:41:23 +00:00
rip6query
rmt There is no need to #include <sgtty.h> 2003-09-04 01:33:43 +00:00
route6d rtm_seq is int, so seq/myseq should be int. 2003-08-18 16:20:30 +00:00
rpc.lockd When getting back an NLM DENIED response for a requested lock from the 2003-05-15 03:19:30 +00:00
rpc.statd style.Makefile(5) 2003-04-04 17:49:21 +00:00
rpc.umntall Use __FBSDID over rcsid[]. Protect copyright[] where needed. 2003-05-03 21:06:42 +00:00
rpc.yppasswdd Fix yppasswdproc_update_master_1_svc() too. 2003-06-15 21:24:45 +00:00
rpc.ypupdated Use __FBSDID over rcsid[]. Protect copyright[] where needed. 2003-05-03 21:06:42 +00:00
rpc.ypxfrd Use __FBSDID over rcsid[]. Protect copyright[] where needed. 2003-05-03 21:06:42 +00:00
rpcbind style.Makefile(5) 2003-04-04 17:49:21 +00:00
rrenumd english(4) police. 2002-12-27 12:15:40 +00:00
rtadvd fixed memory leak. 2003-09-20 09:41:13 +00:00
rtprio add FBSDID 2003-07-06 12:44:11 +00:00
rtsold backout 1.11. ifname in struct ifreq should be copyed by strncpy. 2003-08-17 11:54:58 +00:00
rwhod use a list to enumerate options 2003-07-06 12:27:52 +00:00
sa Use __FBSDID over rcsid[]. Protect copyright[] where needed. 2003-05-03 21:06:42 +00:00
sade Tweak "system security profiles: 2003-09-28 05:21:23 +00:00
sendmail Don't check for the existance of src/crypto/ for building items that 2003-07-24 18:30:25 +00:00
setfmac Mostly fixed the SYNOPSIS. 2003-05-31 18:42:18 +00:00
setkey Use NI_xxx macros. 2003-04-16 09:53:29 +00:00
setpmac mdoc(7) police: Scheduled sweep. 2003-02-24 22:53:26 +00:00
sgsc
sicontrol mdoc(7) police: Deal with self-xrefs. 2002-12-24 13:41:48 +00:00
sliplogin Add section number to .Xr 2003-06-08 14:33:04 +00:00
slstat Use __FBSDID over rcsid[]. Protect copyright[] where needed. 2003-05-03 21:06:42 +00:00
spkrtest
spray do not call clnt_spcreateerror nor clnt_sperror with a NULL pointer, instead 2002-07-15 18:53:52 +00:00
stallion Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup, 2003-01-01 18:49:04 +00:00
sysinstall Tweak "system security profiles: 2003-09-28 05:21:23 +00:00
syslogd mdoc(7): Use the new feature of the .In macro. 2003-09-08 19:57:22 +00:00
tcpdchk Turn on the extended syntax, which TCP_wrappers has by default, as 2003-07-24 19:58:56 +00:00
tcpdmatch Drop MAINTAINER bits from here. 2003-06-04 15:58:03 +00:00
tcpdump Don't check for the existance of src/crypto/ for building items that 2003-07-24 18:30:25 +00:00
timed de-__P 2003-07-06 10:37:00 +00:00
traceroute Update for traceroute 1.4a12 2002-07-28 02:27:07 +00:00
traceroute6 Quote from a Problem Report: 2003-07-21 11:06:47 +00:00
trpt Use __FBSDID over rcsid[]. Protect copyright[] where needed. 2003-05-03 21:06:42 +00:00
tzsetup style.Makefile(5) 2003-04-04 17:49:21 +00:00
ugidfw style.Makefile(5) 2003-04-04 17:49:21 +00:00
usbd The second argument to fgetln() is a size_t *, not an int *. 2003-07-12 17:56:50 +00:00
usbdevs
vidcontrol Propagate ioctl() failure to exit status 2003-09-18 16:20:32 +00:00
vipw Use __FBSDID over rcsid[]. Protect copyright[] where needed. 2003-05-03 21:06:42 +00:00
vnconfig
watch Use __FBSDID over rcsid[]. Protect copyright[] where needed. 2003-05-03 21:06:42 +00:00
watchdogd o style(9) fixes 2003-07-03 03:37:04 +00:00
wicontrol - Reorder to group the non-obsolete options together 2003-09-18 16:18:45 +00:00
wlconfig
yp_mkdb Use __FBSDID over rcsid[]. Protect copyright[] where needed. 2003-05-03 21:06:42 +00:00
ypbind Correct a spelling error. 2003-06-04 19:24:24 +00:00
yppoll Use __FBSDID over rcsid[]. Protect copyright[] where needed. 2003-05-03 21:06:42 +00:00
yppush Use __FBSDID over rcsid[]. Protect copyright[] where needed. 2003-05-03 21:06:42 +00:00
ypserv Eliminated two dozens of superfluous cats and two r-cats (sorry, Jordan). 2003-06-13 16:13:28 +00:00
ypset Include stdlib.h for exit() 2003-06-08 06:25:47 +00:00
zic style.Makefile(5) 2003-04-04 17:49:21 +00:00
zzz add section name 2003-08-16 19:59:53 +00:00
Makefile Add acpi to the build on ia64. The support for ACPI 2.0x has gotten 2003-09-16 21:25:42 +00:00
Makefile.inc