Source string Read only

(itstool) path: sect2/para
Context English State
The next menu is used to configure which system services will be started whenever the system boots. All of these services are optional. Only start the services that are needed for the system to function.
Selecting Additional Services to Enable
_ external ref='bsdinstall/bsdinstall-config-services' md5='__failed__'
Here is a summary of the services which can be enabled in this menu:
<literal>local_unbound</literal> - Enable the DNS local unbound. It is necessary to keep in mind that this is the unbound of the base system and is only meant for use as a local caching forwarding resolver. If the objective is to set up a resolver for the entire network install <package>dns/unbound</package>.
<literal>sshd</literal> - The Secure Shell (<acronym>SSH</acronym>) daemon is used to remotely access a system over an encrypted connection. Only enable this service if the system should be available for remote logins.
<literal>moused</literal> - Enable this service if the mouse will be used from the command-line system console.
<literal>ntpdate</literal> - Enable the automatic clock synchronization at boot time. The functionality of this program is now available in the <citerefentry><refentrytitle>ntpd</refentrytitle><manvolnum>8</manvolnum></citerefentry> daemon. After a suitable period of mourning, the <citerefentry><refentrytitle>ntpdate</refentrytitle><manvolnum>8</manvolnum></citerefentry> utility will be retired.
<literal>ntpd</literal> - The Network Time Protocol (<acronym>NTP</acronym>) daemon for automatic clock synchronization. Enable this service if there is a <trademark class="registered">Windows</trademark>, Kerberos, or <acronym>LDAP</acronym> server on the network.
<literal>powerd</literal> - System power control utility for power control and energy saving.
<literal>dumpdev</literal> - Enabling crash dumps is useful in debugging issues with the system, so users are encouraged to enable crash dumps.
Enabling Hardening Security Options
The next menu is used to configure which security options will be enabled. All of these options are optional. But their use is encouraged.
Selecting Hardening Security Options
_ external ref='bsdinstall/bsdinstall-hardening' md5='__failed__'
Here is a summary of the options which can be enabled in this menu:
<literal>hide_uids</literal> - Hide processes running as other users to prevent the unprivileged users to see other running processes in execution by other users (UID) preventing information leakage.
<literal>hide_gids</literal> - Hide processes running as other groups to prevent the unprivileged users to see other running processes in execution by other groups (GID) preventing information leakage.
<literal>hide_jail</literal> - Hide processes running in jails to prevent the unprivileged users to see processes running inside the jails.
<literal>read_msgbuf</literal> - Disabling reading kernel message buffer for unprivileged users prevent from using <citerefentry><refentrytitle>dmesg</refentrytitle><manvolnum>8</manvolnum></citerefentry> to view messages from the kernel's log buffer.
<literal>proc_debug</literal> - Disabling process debugging facilities for unprivileged users disables a variety of unprivileged inter-process debugging services, including some procfs functionality, ptrace(), and ktrace(). Please note that this will also prevent debugging tools, for instance <citerefentry><refentrytitle>lldb</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>truss</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>procstat</refentrytitle><manvolnum>1</manvolnum></citerefentry>, as well as some built-in debugging facilities in certain scripting language like PHP, etc., from working for unprivileged users.
<literal>random_pid</literal> - Randomize the PID of newly created processes.
<literal>clear_tmp</literal> - Clean <filename>/tmp</filename> when the system starts up.
<literal>disable_syslogd</literal> - Disable opening <application>syslogd</application> network socket. By default FreeBSD runs <application>syslogd</application> in a secure way with <command>-s</command>. That prevents the daemon from listening for incoming UDP requests at port 514. With this option enabled <application>syslogd</application> will run with the flag <command>-ss</command> which prevents <application>syslogd</application> from opening any port. To get more information consult <citerefentry><refentrytitle>syslogd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
<literal>disable_sendmail</literal> - Disable the sendmail mail transport agent.
<literal>secure_console</literal> - When this option is enabled, the prompt requests the <systemitem class="username">root</systemitem> password when entering single-user mode.
<literal>disable_ddtrace</literal> - DTrace can run in a mode that will actually affect the running kernel. Destructive actions may not be used unless they have been explicitly enabled. To enable this option when using DTrace use <command>-w</command>. To get more information consult <citerefentry><refentrytitle>dtrace</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
Add Users
The next menu prompts to create at least one user account. It is recommended to login to the system using a user account rather than as <systemitem class="username">root</systemitem>. When logged in as <systemitem class="username">root</systemitem>, there are essentially no limits or protection on what can be done. Logging in as a normal user is safer and more secure.
Select <guibutton>[ Yes ]</guibutton> to add new users.
Add User Accounts


User avatar None

New source string

FreeBSD Doc / books_handbookEnglish

New source string 10 months ago
Browse all component changes


English English
No related strings found in the glossary.

Source information

Source string comment
(itstool) path: sect2/para
Source string location
String age
10 months ago
Source string age
10 months ago
Translation file
books/handbook.pot, string 716