From nobody@FreeBSD.org  Fri Dec  8 20:07:06 2006
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 1A1ED16A416
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  8 Dec 2006 20:07:06 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [69.147.83.33])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5367E43CA7
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  8 Dec 2006 20:06:06 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id kB8K75F1013645
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 8 Dec 2006 20:07:05 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id kB8K75LG013644;
	Fri, 8 Dec 2006 20:07:05 GMT
	(envelope-from nobody)
Message-Id: <200612082007.kB8K75LG013644@www.freebsd.org>
Date: Fri, 8 Dec 2006 20:07:05 GMT
From: Niclas Zeising<niclas.zeising@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [patch] add a note regarding the status of the "security profile" setting in sysinstall
X-Send-Pr-Version: www-3.0

>Number:         106494
>Category:       docs
>Synopsis:       [patch] add a note regarding the status of the "security profile" setting in sysinstall
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    simon
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Dec 08 20:10:07 GMT 2006
>Closed-Date:    Mon Dec 25 16:11:34 GMT 2006
>Last-Modified:  Mon Dec 25 16:20:07 GMT 2006
>Originator:     Niclas Zeising
>Release:        7-CURRENT
>Organization:
>Environment:
>Description:
The security profile option in sysinstall which used to pop up during install is no more. Update docs accordingly, adding a note saying that the option is gone.
Maybe we can delete the whole section, the option has been gone since 5.2

Note: The whole install chapter probably needs a facelift.
>How-To-Repeat:
Read the install chapter of the handbook.
>Fix:
The attached patch adds a note saying that the security option is no more.

Patch attached with submission follows:

--- doc/en_US.ISO8859-1/books/handbook/install/chapter.sgml.orig	2006-12-08 19:46:36.000000000 +0100
+++ doc/en_US.ISO8859-1/books/handbook/install/chapter.sgml	2006-12-08 19:59:49.000000000 +0100
@@ -2653,6 +2653,12 @@
     <sect2 id="securityprofile">
       <title>Security Profile</title>
 
+      <note>
+        <para>The security profile setting in <command>sysinstall</command>
+	  has been deprecated and does not exist in &os; versions after 5.2.
+	  </para>
+      </note>
+
       <para>A <quote>security profile</quote> is a set of
 	configuration options that attempts to achieve the desired
 	ratio of security to convenience by enabling and disabling

>Release-Note:
>Audit-Trail:

From: "Simon L. Nielsen" <simon@FreeBSD.org>
To: Niclas Zeising <niclas.zeising@gmail.com>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: docs/106494: [patch] add a note regarding the status of the "security profile" setting in sysinstall
Date: Sat, 9 Dec 2006 14:32:47 +0100

 On 2006.12.08 20:07:05 +0000, Niclas Zeising wrote:
 
 > The security profile option in sysinstall which used to pop up
 > during install is no more. Update docs accordingly, adding a note
 > saying that the option is gone.
 >
 > Maybe we can delete the whole section, the option has been gone since 5.2
 
 I think it would be better to delete it - the handbook doesn't
 document that old releases.
 
 > Note: The whole install chapter probably needs a facelift.
 
 That sounds likely.
 
 -- 
 Simon L. Nielsen

From: Niclas Zeising <niclas.zeising@gmail.com>
To: "Simon L. Nielsen" <simon@FreeBSD.org>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: docs/106494: [patch] add a note regarding the status of the "security
 profile" setting in sysinstall
Date: Sat, 09 Dec 2006 15:09:51 +0100

 This is a multi-part message in MIME format.
 --------------000405050905060004040600
 Content-Type: text/plain; charset=ISO-8859-1; format=flowed
 Content-Transfer-Encoding: 7bit
 
 Simon L. Nielsen wrote:
 > On 2006.12.08 20:07:05 +0000, Niclas Zeising wrote:
 > 
 >> The security profile option in sysinstall which used to pop up
 >> during install is no more. Update docs accordingly, adding a note
 >> saying that the option is gone.
 >>
 >> Maybe we can delete the whole section, the option has been gone since 5.2
 > 
 > I think it would be better to delete it - the handbook doesn't
 > document that old releases.
 
 I thought so, wasn't 100% sure so i added the note instead.
 Attached is a patch that removes the section entirely instead.
 
 > 
 >> Note: The whole install chapter probably needs a facelift.
 > 
 > That sounds likely.
 > 
 
 It will take some thinking through, and new screen shots i think. But we 
 need a decent install chapter, so people know how to install FreeBSD.
 
 Regards!
 //Niclas
 
 --------------000405050905060004040600
 Content-Type: text/plain;
  name="install.chapter.sgml.diff"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline;
  filename="install.chapter.sgml.diff"
 
 --- doc/en_US.ISO8859-1/books/handbook/install/chapter.sgml.orig	2006-12-08 19:46:36.000000000 +0100
 +++ doc/en_US.ISO8859-1/books/handbook/install/chapter.sgml	2006-12-09 15:04:18.000000000 +0100
 @@ -2650,184 +2650,6 @@
        </sect3>
      </sect2>
  
 -    <sect2 id="securityprofile">
 -      <title>Security Profile</title>
 -
 -      <para>A <quote>security profile</quote> is a set of
 -	configuration options that attempts to achieve the desired
 -	ratio of security to convenience by enabling and disabling
 -	certain programs and other settings.  The more severe the
 -	security profile, the fewer programs will be enabled by
 -	default.  This is one of the basic principles of security: do
 -	not run anything except what you must.</para>
 -
 -      <para>Please note that the security profile is just a default
 -	setting.  All programs can be enabled and disabled after you
 -	have installed FreeBSD by editing or adding the appropriate
 -	line(s) to <filename>/etc/rc.conf</filename>.  For more
 -	information, please see the &man.rc.conf.5; manual
 -	page.</para>
 -
 -      <para>The following table describes what each of the security
 -	profiles does.  The columns are the choices you have for a
 -	security profile, and the rows are the program or feature that
 -	the profile enables or disables.</para>
 -
 -      <table>
 -	<title>Possible Security Profiles</title>
 -
 -	<tgroup cols=3>
 -	  <thead>
 -	    <row>
 -	      <entry></entry>
 -
 -	      <entry>Extreme</entry>
 -
 -	      <entry>Moderate</entry>
 -	    </row>
 -	  </thead>
 -
 -	  <tbody>
 -
 -	    <row>
 -	      <entry>&man.sendmail.8;</entry>
 -
 -	      <entry>NO</entry>
 -
 -	      <entry>YES</entry>
 -	    </row>
 -
 -	    <row>
 -	      <entry>&man.sshd.8;</entry>
 -
 -	      <entry>NO</entry>
 -
 -	      <entry>YES</entry>
 -	    </row>
 -
 -	    <row>
 -	      <entry>&man.portmap.8;</entry>
 -
 -	      <entry>NO</entry>
 -
 -	      <entry>MAYBE
 -		<footnote>
 -		  <para>The portmapper is enabled if the machine has
 -		    been configured as an NFS client or server earlier
 -		    in the installation.</para>
 -		</footnote>
 -	      </entry>
 -	    </row>
 -
 -	    <row>
 -	      <entry>NFS server</entry>
 -
 -	      <entry>NO</entry>
 -
 -	      <entry>YES</entry>
 -	    </row>
 -
 -	    <row>
 -	      <entry>&man.securelevel.8;</entry>
 -
 -	      <entry>YES
 -		<footnote>
 -		  <para>If you choose a security profile that sets the
 -		    securelevel to <quote>Extreme</quote> or
 -		    <quote>High</quote>, you must be aware of the
 -		    implications.  Please read the &man.init.8;
 -		    manual page and pay particular attention to the
 -		    meanings of the security levels, or you may have
 -		    significant trouble later!</para>
 -		</footnote>
 -	      </entry>
 -
 -	      <entry>NO</entry>
 -	    </row>
 -	  </tbody>
 -	</tgroup>
 -      </table>
 -
 -      <screen>                       User Confirmation Requested
 - Do you want to select a default security profile for this host (select
 - No for "medium" security)? 
 -
 -                            [ Yes ]    No</screen>
 -
 -      <para>Selecting &gui.no; and pressing
 -	<keycap>Enter</keycap> will set the security profile to medium.</para>
 -
 -      <para>Selecting &gui.yes; and pressing
 -	<keycap>Enter</keycap> will allow selecting a different security
 -	profile.</para>
 -
 -      <figure id="security-profile">
 -	<title>Security Profile Options</title>
 -
 -	<mediaobject>
 -	  <imageobject>
 -	    <imagedata fileref="install/security" format="PNG">
 -	  </imageobject>
 -	</mediaobject>
 -      </figure>
 -
 -      <para>Press <keycap>F1</keycap> to display the help.  Press
 -	<keycap>Enter</keycap> to return to selection menu.</para>
 -
 -      <para>Use the arrow keys to choose <guimenuitem>Medium</guimenuitem>
 -	unless your are sure that another level is required for your needs.
 -	With &gui.ok; highlighted, press
 -	<keycap>Enter</keycap>.</para>
 -
 -      <para>An appropriate confirmation message will display depending on
 -	which security setting was chosen.</para>
 -
 -      <screen>                                 Message
 -
 -Moderate security settings have been selected.
 -
 -Sendmail and SSHd have been enabled, securelevels are
 -disabled, and NFS server setting have been left intact.
 -PLEASE NOTE that this still does not save you from having
 -to properly secure your system in other ways or exercise
 -due diligence in your administration, this simply picks
 -a standard set of out-of-box defaults to start with.
 -
 -To change any of these settings later, edit /etc/rc.conf
 -
 -                                  [OK]</screen>
 -
 -      <screen>                                 Message
 -
 -Extreme security settings have been selected.
 -
 -Sendmail, SSHd, and NFS services have been disabled, and
 -securelevels have been enabled.
 -PLEASE NOTE that this still does not save you from having
 -to properly secure your system in other ways or exercise
 -due diligence in your administration, this simply picks
 -a more secure set of out-of-box defaults to start with.
 -
 -To change any of these settings later, edit /etc/rc.conf
 -
 -                                  [OK]</screen>
 -
 -      <para>Press <keycap>Enter</keycap> to continue with the
 -	post-installation configuration.</para>
 -
 -      <warning>
 -	<para>The security profile is not a silver bullet!  Even if
 -	  you use the extreme setting, you need to keep up with
 -	  security issues by reading an appropriate mailing
 -	  list (<xref linkend="eresources-mail">),
 -	  using good passwords and passphrases, and
 -	  generally adhering to good security practices.  It simply
 -	  sets up the desired security to convenience ratio out of the
 -	  box.</para>
 -      </warning>
 -
 -    </sect2>
 -
      <sect2 id="console">
        <title>System Console Settings</title>
  
 
 --------------000405050905060004040600--
Responsible-Changed-From-To: freebsd-doc->simon 
Responsible-Changed-By: simon 
Responsible-Changed-When: Sun Dec 10 18:13:45 UTC 2006 
Responsible-Changed-Why:  
I will deal with this. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=106494 
State-Changed-From-To: open->closed 
State-Changed-By: simon 
State-Changed-When: Mon Dec 25 16:11:04 UTC 2006 
State-Changed-Why:  
Committed, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=106494 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: docs/106494: commit references a PR
Date: Mon, 25 Dec 2006 16:10:21 +0000 (UTC)

 simon       2006-12-25 16:10:14 UTC
 
   FreeBSD doc repository
 
   Modified files:
     en_US.ISO8859-1/books/handbook/install chapter.sgml 
   Log:
   Security Profile support was removed from sysinstall 3 years ago, so
   also remove the section in the Handbook.
   
   PR:             docs/106494
   Submitted by:   Niclas Zeising <niclas.zeising@gmail.com>
   
   Revision  Changes    Path
   1.343     +0 -178    doc/en_US.ISO8859-1/books/handbook/install/chapter.sgml
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
