So there is where that handbook paragraph came from. Kill it here too.

Remove a paragraph about over building security, it's a bit off.

Discussed with: des, FreeBSD-security
Tom Rhodes 2006-09-08 04:56:21 +00:00
parent baa1277289
commit 8d3cfc6184


@ -23,7 +23,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd November 29, 2004
.Dd September 8, 2006
.Dt SECURITY 7
.Os
.Sh NAME
@ -54,19 +54,6 @@ Security is best implemented through a layered onion approach.
In a nutshell,
what you want to do is to create as many layers of security as are convenient
and then carefully monitor the system for intrusions.
You do not want to
overbuild your security or you will interfere with the detection side, and
detection is one of the single most important aspects of any security
mechanism.
For example, it makes little sense to set the
.Cm schg
flags
(see
.Xr chflags 1 )
on every system binary because while this may temporarily protect the
binaries, it prevents an attacker who has broken in from making an
easily detectable change that may result in your security mechanisms not
detecting the attacker at all.
.Pp
System security also pertains to dealing with various forms of attacks,
including attacks that attempt to crash or otherwise make a system unusable
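Review bot: The deletion that starts at "You do not want to overbuild your security" drops the entire rationale together with the schg example, while the commit message only calls the paragraph "a bit off" without saying which claim is wrong. After the change the paragraph ends at "carefully monitor the system for intrusions" and says nothing further about how hardening and detection interact. Please either state in the commit message which part was judged incorrect (the advice against setting schg on every system binary, or the wider overbuilding argument), or replace the removed lines with a short corrected sentence so readers who followed the old text know it has been withdrawn. The removed lines also carried the only ".Xr chflags 1" reference visible in this hunk, so it is worth confirming that schg is still introduced with that cross-reference elsewhere in the page.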