FreeBSD Security in Multiuser Environments

[Andreas Jonsson]

> Also...  all this and you didn't raise the securelevel?  Didn't set
> system binaries schg?  Didn't remove unwanted binaries like rcp(1),
> rlogin(1), at(1) etc?
> 
>
To add to the list of all this...
no mounting of /var /tmp, and /home as noexec, nosuid (oh wait, no suid
binaries at all, then all partitions can be mounted as nosuid, except
for sudo. perhaps i missed something?)

No mac_biba, No mac_partition, no mac_bsdextended, and no mac_portacl...

/a