Commit Graph

69 Commits

Author SHA1 Message Date
Robert Watson
4b51d758d5 Add a Securelevel sub-menu to the Security configuration menu,
permitting the administrator to select a securelevel top operate
at.  Include a helpfile summarizing some of the information from
init(8).  This allows for explicit configuration of securelevels,
which was previously implicit in Security Profile selection.
Currently, there are no checkboxes for the active securelevel,
because sysinstall's facilities for deriving "current settings"
from rc.conf may use only one variable, not two, and I opted for
the simplest approach at this point.

Approved by:	re (scottl)
2003-11-29 21:44:51 +00:00
Robert Watson
7fba2041a7 Remove security profiles from sysinstall. Currently, security profile
selection is used to drive two configuration parameters:

(1) Default enable/disable for sshd
(2) Default enable/disable for securelevels

Replace this with an explicit choice to enable/disable sshd.  A
follow-up commit will add a configuration option to the Security
post-install configuration menu to set the securelevel in rc.conf
explicitly.  This should reduce the level of foot-shooting associated
with accidental enabling of securelevels, make the nature and
implications of the securelevel configuration options more explicit,
as well as make the choice to enable/disable sshd more explicit.

Approved by:	re (scottl)
2003-11-28 18:47:45 +00:00
Robert Watson
b5abb6e6b0 Don't use UFS2 by default during the install process on PC98, as the
PC98 boot blocks don't support UFS2.  We keep newfs(8) defaulting to
UFS2.

Warn users that FreeBSD can only boot from a root file system smaller
than 1.5TB; hopefully this will get fixed by the patches currently
floating around on -CURRENT.

Reviewed by:	nyan
2003-04-21 20:57:20 +00:00
Robert Watson
b459937e0c Throw the switch--change to UFS2 as our default file system format for
FreeBSD 5.1-RELEASE and later:

- newfs(8) will now create UFS2 file systems unless UFS1 is specifically
  requested (-O1).  To do this, I just twiddled the Oflag default.

- sysinstall(8) will now select UFS2 as the default layout for new
  file systems unless specifically requested (use '1' and '2' to change
  the file system layout in the disk labeler).  To do this, I inverted
  the ufs2 flag into a ufs1 flag, since ufs2 is now the default and
  ufs1 is the edge case.  There's a slight semantic change in the
  key behavior: '2' no longer toggles, it changes the selection to UFS2.

This is very similar to a patch David O'Brien sent me at one point, and
that I couldn't find.

Approved by:	re (telecon)
Reviewed by:	mckusick, phk, bmah
2003-04-20 14:08:05 +00:00
Jun Kuriyama
6dcbe61c90 If you don't create a /usr filesystem, / will need 200MB. 2003-01-13 21:57:07 +00:00
Jun Kuriyama
b3e8a7eb8f Update ROOT_MIN_SIZE for i386 to 118MB (and other ROOT_*_SIZE). 2002-12-15 12:05:00 +00:00
Robert Watson
bf1e70b230 Reformulate how sysinstall handles file system options in the label
editor, in order to support specifying UFS2 as a newfs option.

(1) Support three different newfs types: NEWFS_UFS, NEWFS_MSDOS, and
    NEWFS_CUSTOM.  Don't mix up the arguments to them: you can't use
    soft updates on an msdos file system.

(2) Distinguish adding new arguments to the newfs command line from
    replacing it.  Permit the addition of new arguments by the user for
    NEWFS_UFS.  If we entirely replace the command line provided by
    sysinstall, call it NEWFS_CUSTOM.  'N' will now add additional
    arguments; 'Z' will opt to replace the newfs command line entirely,
    but will prompt the user with their current command line as a
    starting point.

(3) Construct the newfs command line dynamically based on the options
    provided by the user at label-time.  Right now, this means selecting
    UFS1 vs. UFS2, and the soft updates flag.  Drop in some variables
    to support ACLs and MAC Multilabel in the future also, but don't
    expose them now.

This provides sysinstall with the ability to do more "in band" editing
of the newfs command line, so we can provide more support for the user,
but doesn't sacrifice the ability to entirely specify the newfs command
line of the user is willing to give up on the cushiness factor.  It
also makes it easier for us to specify defaults in the future, and
define conditional behavior based on user configuration selections.
For now, we default to UFS1, and permit UFS2 to be used as the root
only on non-i386 systems.

While I was there, I dropped the default fragment and block sizes,
since newfs has much more sensible defaults now.

Reviewed by:	jhb, marcel
Approved by:	re
ia64 bits from:	marcel
2002-12-03 22:25:47 +00:00
Robert Watson
4d0032bde9 o Expand the text describing the Security options menu.
o Move nfs_reserved_port_only out of security profiles (where it was
  set somewhat improperly) to the Security options menu directly.
  Previously, the variable was set to true for Moderate, but not for
  Extreme, which is at best inconsistent.
o Update the Security Profiles help file to remove reference to the
  NFS reserved port.

o Note that the kernel currently defaults the sysctl to '0', but
  sysinstall has changed it to '1' as a default as of late; however,
  rc.conf sets the value to NO as the default.  This change brings
  them relatively into sync.

Sponsored by:	DARPA, NAI Labs
2001-12-21 19:51:44 +00:00
Eric Melville
30ff437cd4 Attempt to make key behavior more clear. 2001-08-31 03:29:25 +00:00
Robert Watson
614af3941d o Reduce the number of offered security profiles, as we now have a more
conservative default, and actually prompt specifically for inetd rather
  than handling it as a side effect of the security profile.  Update the
  help file to reflect this change.
o Rename "Fascist" to "Extreme" in the source code, to match the names
  presented to the user.
o Remove portmap and inetd from profile management.  Portmap is now
  disabled by default, but automatically turned on if a feature requires
  it (such as NFS, etc).

This is an MFC candidate for 4.4-RELEASE.

Reviewed by:	freebsd-arch@FreeBSD.org
Approved by:	re@FreeBSD.org
MFC after:	2 days
2001-08-10 23:57:43 +00:00
Jimmy Olgeni
2b809d4f5b Fix the default number of virtual consoles in the usage.hlp file: there
were 3 virtual consoles in older releases, but now they are 8.

MFC after:	1 week
2001-06-04 15:16:41 +00:00
Jordan K. Hubbard
6a74b0f7e2 Switch from lynx to "links" as the default doc browser.
Submitted by:	jim
2001-03-23 07:53:45 +00:00
Murray Stokely
8d5f3cc751 Document the HTTP proxy install method.
PR:		21451
2001-03-14 11:08:28 +00:00
Jordan K. Hubbard
becf6bce0e Document (with warnings) the otherwise undocumented `F' command. 2001-03-13 06:52:07 +00:00
Jordan K. Hubbard
a225c1f77f Update to use proper nomenclature for the security profiles.
Submitted by:	olgeni
2001-03-11 23:47:12 +00:00
Jordan K. Hubbard
abbc9c16f2 Document the softupdate stuff and also warn people against using
it on root unless root is very large.
2001-03-11 04:24:52 +00:00
Jordan K. Hubbard
717bd36c83 Fix some of the security profile messages to be more explanatory
and also obey most of the rules of english in their construction.

Add a help screen for the security menu which gives the user a rough idea
just what the various security profiles do.
2001-03-08 10:16:56 +00:00
Jordan K. Hubbard
b5e57da1d1 Remove outdated crypto comments. 2000-07-24 18:45:25 +00:00
Jordan K. Hubbard
553cdb6fbd Update to match current reality (not that anyone reads these anyway :) 2000-03-18 08:06:16 +00:00
Jeroen Ruigrok van der Werven
fe7be1e454 Update the CDROM section to reflect our current support.
Applied modified patch, since ATA/ATAPI is the keyword nowadays.

PR:		16507
Submitted by:	Dan Papasian <bugg@bugg.strangled.net>

No need for an OK since we can exercise our divine rights as docpersons
according to:	jkh
2000-02-06 10:32:17 +00:00
Daniel C. Sobral
48d9eeb33a configSamba is gone, and is not coming back. 1999-12-23 10:16:46 +00:00
Daniel C. Sobral
92dd206086 configApache does not exist anymore.
PR:		9582
Submitted by:	Stephan Lagerholm <istephan@unilog.se>
1999-12-20 19:22:57 +00:00
Foxfair Hu
542562e6e1 Change the wrong URL of back-issue FreeBSD newsletter. 1999-07-14 02:23:16 +00:00
Jordan K. Hubbard
d06edb61fa Add CHAP/PAP question to the ppp setup dialog, simplifying things considerably
for some.

Submitted by:	Jack O'Neill <jack@germanium.xtalwind.net>
1999-05-19 10:49:46 +00:00
Jordan K. Hubbard
eb6b299247 revert premature DHCP commit 1999-05-06 11:15:33 +00:00
Jordan K. Hubbard
734ec189d0 Fix includes; I had a slightly different Makefile than everyone else
which is why I didn't see this. :)

Noted by:	Maxim Sobolev <sobomax@altavista.net>
1999-05-06 11:03:21 +00:00
Jordan K. Hubbard
c978c8324f Merge some doc updates which got only into the 3.0 branch during the last
release cycle.
1999-03-10 02:50:32 +00:00
Jordan K. Hubbard
86784dbcd2 Show dependencies in package menu.
PR:		7454
Submitted by:	Stefan Eggers <seggers@semyam.dinoco.de>
1999-02-02 15:57:14 +00:00
Jordan K. Hubbard
f89dccd7b0 Doc fixes for CAM devices. If I ever truly understand the logic behind
this name change, I'll be a happy man.
1998-11-21 21:45:27 +00:00
Jordan K. Hubbard
66049ce431 Add references to ATM cards (Mike Spengler <mks@networkcs.com>) and
remove all tabs.
1998-10-15 21:20:33 +00:00
Jordan K. Hubbard
bf05096f52 MF22: Important fixes for loading XFree86 distributions I forgot to
merge after 2.2.7 (I was wondering why that bug looked so familiar!).
Also update some docs accordingly.
1998-09-23 12:13:51 +00:00
Jordan K. Hubbard
904bdc094f Sync documentation with 2.2 updates. 1998-05-24 20:00:27 +00:00
Jordan K. Hubbard
4f43ad3744 Note usage of Linux PLIP peer. 1998-04-20 06:18:36 +00:00
Jordan K. Hubbard
8f85722f98 MF22: various doc bogons noticed. 1998-03-06 07:23:08 +00:00
Steve Price
039016310d Another sysconfig -> rc.conf fix.
PR:		5374
Submitted by:	Studded <Studded@dal.net>
1997-12-27 19:40:20 +00:00
David E. O'Brien
48761ea3ad MFS. 1997-11-05 06:11:35 +00:00
Jordan K. Hubbard
38769fc189 Document 100Mbit media selection flag. 1997-10-20 08:11:25 +00:00
Jordan K. Hubbard
382ac44b63 Fix various bogons reported in this PR.
PR:		4765
Submitted by:	fdiv
1997-10-15 04:37:26 +00:00
Jordan K. Hubbard
90a93ec643 Update to reflect current affairs. 1997-10-12 16:21:36 +00:00
Jordan K. Hubbard
7789aca24b Correct typo. 1997-09-18 16:24:36 +00:00
Jordan K. Hubbard
2110cdc5e4 XFree86 3.3.1 updates
Document new media flag in lieu of links.
1997-09-14 04:18:42 +00:00
Jordan K. Hubbard
ee49f49829 YAMF22 1997-03-19 10:09:46 +00:00
Jordan K. Hubbard
5279ffe115 Add registration help screen. 1997-03-09 22:35:12 +00:00
Jordan K. Hubbard
c29c9ac418 YAMF22 1997-03-08 12:58:29 +00:00
Jordan K. Hubbard
0232e09f50 Add a missing docfile (whoops! Overlooked). 1997-03-08 11:34:25 +00:00
Jordan K. Hubbard
af1353594f YAMF22 1997-03-08 11:06:50 +00:00
Jordan K. Hubbard
2efff52162 YAMF22 1997-03-07 16:39:32 +00:00
Jordan K. Hubbard
76d01c999a This is a patch that makes some of the "partitions" --> "slice" to be
more consistant in our use of the terms for differentiation between PC
partitions and traditional BSD partitions.

Submitted-By: obrien@cs.ucdavis.edu (David O'Brien)
1997-01-24 07:47:17 +00:00
Mike Pritchard
f52a35b581 Fix some spelling errors.
Jordan, I'll let you merge this into 2.2o that I don't
stomp on you.
1996-12-26 21:53:11 +00:00
Jordan K. Hubbard
50aaa93770 make note of which /etc files need upgrading in installUpgrade rather
than asking the user to keep track of the list himself.
1996-12-15 18:14:37 +00:00