author | eivind <eivind@FreeBSD.org> | 2000-07-28 22:45:36 +0000 |
---|---|---|
committer | eivind <eivind@FreeBSD.org> | 2000-07-28 22:45:36 +0000 |
commit | 126215b8e1fefe0132b7a6fb3caf7c1c129287cb (patch) | |
tree | 75eeb0957eaaf26ae5e87f6a11a989b829b7811f /etc | |
parent | 32619ababb1de7a86b431c2da6e1a4884f041f79 (diff) | |
Change the defaults for portmap, sendmail and inetd to be not running them.
Make sysinstall override this on install, so the effective behavioural
change for a newly installed system is null. Overall, this makes a system
with an empty /etc/rc.conf not run any network services, and makes the
FreeBSD-provided network services that are running visible in /etc/rc.conf
(instead of making people look through /etc/defaults/rc.conf to find the
things they need to disable to secure the system.)
Reviewed by: jhb
Discussed with: The usual cabal
Diffstat (limited to 'etc')
-rw-r--r-- | etc/defaults/rc.conf | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index ec478c8..4df5338 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -86,7 +86,7 @@ ppp_profile="papchap" # Which profile to use from /etc/ppp/ppp.conf.
 ### Network daemon (miscellaneous) & NFS options: ###
 syslogd_enable="YES" # Run syslog daemon (or NO).
 syslogd_flags="-s" # Flags to syslogd (if enabled).
-inetd_enable="YES" # Run the network daemon dispatcher (or NO).
+inetd_enable="NO" # Run the network daemon dispatcher (YES/NO).
 inetd_flags="-wW" # Optional flags to inetd
 #
 # named. It may be possible to run named in a sandbox, man security for
@@ -118,7 +118,7 @@ nfs_reserved_port_only="NO" # Provide NFS only on secure port (or NO).
 nfs_bufpackets="DEFAULT" # bufspace (in packets) for client (or DEFAULT)
 rpc_lockd_enable="NO" # Run NFS rpc.lockd (*broken!*) if nfs_server.
 rpc_statd_enable="YES" # Run NFS rpc.statd if nfs_server (or NO).
-portmap_enable="YES" # Run the portmapper service (or NO).
+portmap_enable="NO" # Run the portmapper service (YES/NO).
 portmap_program="/usr/sbin/portmap" # path to portmap, if you want a different one.
 portmap_flags="" # Flags to portmap (if enabled).
 rpc_ypupdated_enable="NO" # Run if NIS master and SecureRPC (or NO).
@@ -273,7 +273,7 @@ lpd_program="/usr/sbin/lpd" # path to lpd, if you want a different one.
 lpd_flags="" # Flags to lpd (if enabled).
 usbd_enable="NO" # Run the usbd daemon.
 usbd_flags="" # Flags to usbd (if enabled).
-sendmail_enable="YES" # Run the sendmail daemon (or NO).
+sendmail_enable="NO" # Run the sendmail daemon (YES/NO).
 sendmail_flags="-bd -q30m" # Flags to sendmail (if enabled)
 dumpdev="NO" # Device name to crashdump to (or NO).
 enable_quotas="NO" # turn on quotas on startup (or NO). |
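Review bot: Flipping `inetd_enable` to `"NO"` in the first hunk (and `portmap_enable` and `sendmail_enable` in the two later hunks) also changes behaviour for any existing system whose /etc/rc.conf never set these knobs and relied on the old defaults. The sysinstall override mentioned in the description covers only fresh installs and is not part of this diff. After an upgrade that replaces /etc/defaults/rc.conf, such a host would presumably stop starting these services on the next boot; that fails in the safe direction, but it can cut off a remotely administered machine that is reached through inetd. I would add a comment next to the changed knobs, e.g. `# inetd, portmap and sendmail default to NO; set them to YES in /etc/rc.conf if needed.`, and call the change out in the upgrade notes.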
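Review bot: In the second hunk `portmap_enable` now defaults to `"NO"` while the context line just above still has `rpc_statd_enable="YES"` ("if nfs_server"), so the defaults no longer describe a working RPC setup. The startup script is not visible here; unless it starts portmap whenever an NFS or NIS knob is on, an admin who enables only the NFS server in /etc/rc.conf gets RPC daemons with no portmapper to register with. The comment should state the dependency, e.g. `portmap_enable="NO" # Run the portmapper service (YES/NO); required by NFS and NIS.`.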
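Review bot: In the third hunk `sendmail_enable="NO"` turns off more than the network listener, because the next line's `sendmail_flags="-bd -q30m"` combines the SMTP daemon (`-bd`) with the 30-minute queue run (`-q30m`). Assuming the rc scripts start sendmail only through this knob, locally submitted mail that cannot be delivered at once (cron output, reports to root) will sit in the queue until someone flushes it by hand. I would document that on the line, e.g. `sendmail_enable="NO" # Run the sendmail daemon (YES/NO); NO also stops the -q30m queue run.`, or consider a separate knob for a queue-only sendmail with no listener.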