Source string Read only

(itstool) path: listitem/para
176/1760
Context English State
<literal>dumpdev</literal> - Enabling crash dumps is useful in debugging issues with the system, so users are encouraged to enable crash dumps.
Enabling Hardening Security Options
The next menu is used to configure which security options will be enabled. All of these options are optional. But their use is encouraged.
Selecting Hardening Security Options
_ external ref='bsdinstall/bsdinstall-hardening' md5='__failed__'
Here is a summary of the options which can be enabled in this menu:
<literal>hide_uids</literal> - Hide processes running as other users to prevent the unprivileged users to see other running processes in execution by other users (UID) preventing information leakage.
<literal>hide_gids</literal> - Hide processes running as other groups to prevent the unprivileged users to see other running processes in execution by other groups (GID) preventing information leakage.
<literal>hide_jail</literal> - Hide processes running in jails to prevent the unprivileged users to see processes running inside the jails.
<literal>read_msgbuf</literal> - Disabling reading kernel message buffer for unprivileged users prevent from using <citerefentry><refentrytitle>dmesg</refentrytitle><manvolnum>8</manvolnum></citerefentry> to view messages from the kernel's log buffer.
<literal>proc_debug</literal> - Disabling process debugging facilities for unprivileged users disables a variety of unprivileged inter-process debugging services, including some procfs functionality, ptrace(), and ktrace(). Please note that this will also prevent debugging tools, for instance <citerefentry><refentrytitle>lldb</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>truss</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>procstat</refentrytitle><manvolnum>1</manvolnum></citerefentry>, as well as some built-in debugging facilities in certain scripting language like PHP, etc., from working for unprivileged users.
<literal>random_pid</literal> - Randomize the PID of newly created processes.
<literal>clear_tmp</literal> - Clean <filename>/tmp</filename> when the system starts up.
<literal>disable_syslogd</literal> - Disable opening <application>syslogd</application> network socket. By default FreeBSD runs <application>syslogd</application> in a secure way with <command>-s</command>. That prevents the daemon from listening for incoming UDP requests at port 514. With this option enabled <application>syslogd</application> will run with the flag <command>-ss</command> which prevents <application>syslogd</application> from opening any port. To get more information consult <citerefentry><refentrytitle>syslogd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
<literal>disable_sendmail</literal> - Disable the sendmail mail transport agent.
<literal>secure_console</literal> - When this option is enabled, the prompt requests the <systemitem class="username">root</systemitem> password when entering single-user mode.
<literal>disable_ddtrace</literal> - DTrace can run in a mode that will actually affect the running kernel. Destructive actions may not be used unless they have been explicitly enabled. To enable this option when using DTrace use <command>-w</command>. To get more information consult <citerefentry><refentrytitle>dtrace</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
Add Users
The next menu prompts to create at least one user account. It is recommended to login to the system using a user account rather than as <systemitem class="username">root</systemitem>. When logged in as <systemitem class="username">root</systemitem>, there are essentially no limits or protection on what can be done. Logging in as a normal user is safer and more secure.
Select <guibutton>[ Yes ]</guibutton> to add new users.
Add User Accounts
_ external ref='bsdinstall/bsdinstall-adduser1' md5='__failed__'
Follow the prompts and input the requested information for the user account. The example shown in <xref linkend="bsdinstall-add-user2"/> creates the <systemitem class="username">asample</systemitem> user account.
Enter User Information
_ external ref='bsdinstall/bsdinstall-adduser2' md5='__failed__'
Here is a summary of the information to input:
<literal>Username</literal> - The name the user will enter to log in. A common convention is to use the first letter of the first name combined with the last name, as long as each username is unique for the system. The username is case sensitive and should not contain any spaces.
<literal>Full name</literal> - The user's full name. This can contain spaces and is used as a description for the user account.
<literal>Uid</literal> - User <acronym>ID</acronym>. Typically, this is left blank so the system will assign a value.
<literal>Login group</literal> - The user's group. Typically this is left blank to accept the default.
<literal>Invite <replaceable>user</replaceable> into other groups?</literal> - Additional groups to which the user will be added as a member. If the user needs administrative access, type <literal>wheel</literal> here.

Loading…

No matching activity found.

Browse all component changes

Glossary

English English
No related strings found in the glossary.

Source information

Source string comment
(itstool) path: listitem/para
Flags
read-only
Source string location
book.translate.xml:5013
String age
a month ago
Source string age
a month ago
Translation file
books/handbook.pot, string 725