Fix some of the security profile messages to be more explanatory

and also obey most of the rules of english in their construction.

Add a help screen for the security menu which gives the user a rough idea
just what the various security profiles do.

3 files changed, 28 insertions, 6 deletions

diff --git a/usr.sbin/sysinstall/config.c b/usr.sbin/sysinstall/config.c
index 3dc9f7e..9a15299 100644
--- a/usr.sbin/sysinstall/config.c
+++ b/usr.sbin/sysinstall/config.c
@@ -554,8 +554,8 @@ configSecurityModerate(dialogMenuItem *self)
 	    "mechanisms like inetd(8) have been enabled by default\n"
 	    "for a comfortable user experience but with possible\n"
 	    "trade-offs in system security.  If this bothers you and\n"
-	    "you know exactly what you are doing, select the high\n"
-	    "high security profile instead.\n\n"
+	    "you know exactly what you are doing, select one of the\n"
+	    "other security profiles instead.\n\n"
 	    "To change any of these settings later, edit /etc/rc.conf");
 
     restorescr(w);
@@ -578,9 +578,9 @@ configSecurityLiberal(dialogMenuItem *self)
 	    "This means that most \"popular\" network services and\n"
 	    "mechanisms like inetd(8) have been enabled by default\n"
 	    "for the most comfortable user experience but with possible\n"
-	    "trade-offs in system security.  If this bothers you, select\n"
-	    "the medium security profile or, if you know exactly what you\n"
-	    "are doing, the high security profile instead.\n\n"
+	    "trade-offs in system security.  If this bothers you and\n"
+	    "you know exactly what you are doing, select one of the\n"
+	    "other security profiles instead.\n\n"
 	    "To change any of these settings later, edit /etc/rc.conf");
 
     restorescr(w);
diff --git a/usr.sbin/sysinstall/help/security.hlp b/usr.sbin/sysinstall/help/security.hlp
new file mode 100644
index 0000000..31b421b
--- /dev/null
+++ b/usr.sbin/sysinstall/help/security.hlp
@@ -0,0 +1,21 @@
+Please see the FreeBSD FAQ for more detailed information on security
+profiles. The following table is intended to give you a rough idea just
+which services are enabled (or disabled) by each of the canned security
+profiles:
+
+               Fascist        High           Moderate       Low
+               -------        ----           --------       ---
+inetd          NO             NO             YES            YES
+sendmail       NO             YES            YES            YES
+sshd           NO             YES            YES            YES
+portmap        NO             NO             *              YES
+nfs_server     NO             NO             **             ***
+securelevel    YES (2)        YES (1)        NO             NO
+
+
+NOTES:
+*   Portmap is enabled if the machine has been configured as either an NFS
+    client or an NFS server earlier in the installation process.
+**  If the machine has been configured as an NFS server, NFS will only run
+    on a reserved port.
+*** No changes are made to the NFS configuration.
diff --git a/usr.sbin/sysinstall/menus.c b/usr.sbin/sysinstall/menus.c
index 018684d..2323d06 100644
--- a/usr.sbin/sysinstall/menus.c
+++ b/usr.sbin/sysinstall/menus.c
@@ -1608,7 +1608,8 @@ DMenu MenuSecurityProfile = {
     "Each item in this list will set what it considers to\n"
     "be \"appropriate\" values in that category for various\n"
     "security-related knobs in /etc/rc.conf.",
-    "Select a canned security profile.",
+    "Select a canned security profile - F1 for help",
+    "security",						/* help file */
     NULL,
     { { "X Exit",	"Exit this menu (returning to previous)", NULL, configSecurityModerate },
       { "Low",		"Fairly wide-open (little) security.", NULL, configSecurityLiberal },