Install-time "hardening" options

Mike Tancsa mike at
Thu Oct 12 20:38:10 UTC 2017

On 10/12/2017 1:50 PM, Ronald F. Guilmette wrote:
> (*) Hide processes running as other users
>     Well, I mean, yea.  Obviously.  If you ain't root, then processes
>     belonging to other users are none of your damn business.  So, um,
>     why is this even optional?

One thing to be aware of is if you do any sort of process monitoring via
nagios/nrpe, things wont work by default.  But yes, a good idea. Just a
little extra work for nrpe clients.

> (*)  Disable opening Syslogd network socket (disables remote logging)

Is not the default -s and this options makes it -ss. "disable remote
logging" as in the host you are configuring cannot send out messages to
other syslogd servers.


Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at
Providing Internet services since 1994
Cambridge, Ontario Canada

More information about the freebsd-questions mailing list