Install-time "hardening" options
Mike Tancsa
mike at sentex.net
Thu Oct 12 20:38:10 UTC 2017
On 10/12/2017 1:50 PM, Ronald F. Guilmette wrote:
>
> (*) Hide processes running as other users
>
> Well, I mean, yea. Obviously. If you ain't root, then processes
> belonging to other users are none of your damn business. So, um,
> why is this even optional?
One thing to be aware of is if you do any sort of process monitoring via
nagios/nrpe, things wont work by default. But yes, a good idea. Just a
little extra work for nrpe clients.
> (*) Disable opening Syslogd network socket (disables remote logging)
Is not the default -s and this options makes it -ss. "disable remote
logging" as in the host you are configuring cannot send out messages to
other syslogd servers.
---Mike
--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/
More information about the freebsd-questions
mailing list