From 8d3cfc6184aabe53fd2b5201173f6986a509ab67 Mon Sep 17 00:00:00 2001 From: Tom Rhodes Date: Fri, 8 Sep 2006 04:56:21 +0000 Subject: [PATCH] So there is where that handbook paragraph came from. Kill it here too. Remove a paragraph about over building security, it's a bit off. Discussed with: des, FreeBSD-security --- share/man/man7/security.7 | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/share/man/man7/security.7 b/share/man/man7/security.7 index 8a3aee3e967b..68cec46c83ad 100644 --- a/share/man/man7/security.7 +++ b/share/man/man7/security.7 @@ -23,7 +23,7 @@ .\" .\" $FreeBSD$ .\" -.Dd November 29, 2004 +.Dd September 8, 2006 .Dt SECURITY 7 .Os .Sh NAME @@ -54,19 +54,6 @@ Security is best implemented through a layered onion approach. In a nutshell, what you want to do is to create as many layers of security as are convenient and then carefully monitor the system for intrusions. -You do not want to -overbuild your security or you will interfere with the detection side, and -detection is one of the single most important aspects of any security -mechanism. -For example, it makes little sense to set the -.Cm schg -flags -(see -.Xr chflags 1 ) -on every system binary because while this may temporarily protect the -binaries, it prevents an attacker who has broken in from making an -easily detectable change that may result in your security mechanisms not -detecting the attacker at all. .Pp System security also pertains to dealing with various forms of attacks, including attacks that attempt to crash or otherwise make a system unusable
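Review bot: The second hunk (the 13 lines removed after "carefully monitor the system for intrusions.") is justified in the commit message only as "it's a bit off", so the history does not record what was wrong with the advice. Please say in the log which claim is being rejected: the general statement that overbuilding security interferes with detection, the specific example against setting schg on every system binary, or both. The removed lines also carry the `.Cm schg` and `.Xr chflags 1` references shown in this hunk, so check that any later text in security.7 that mentions schg still reads correctly without this introduction. The `.Dd` bump in the first hunk is appropriate for a content change.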