freebsd-skq/etc
cem bdee39477d bluetooth: Default to discoverable off
Try to not expose bluetooth devices to external devices unless the user
explicitly configures it, like any other radio/network device.  Bluetooth
has a long history of security problems and it is probably best to keep it
disabled if not needed.

Users who do use the bluetooth device should enable "discoverable" in
bluetooth.device.conf(5) after this change.

Keep in mind that bluetooth addresses can be discovered by passive
monitoring or whole address-space scans[0], so a safety conscious user
should also disable "connectable" in bluetooth.device.conf(5).

[0]: https://www.sans.edu/cyber-research/security-laboratory/article/bluetooth

Reviewed by:	emax, hselasky
Security:	maybe
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D12831
2017-11-01 18:58:54 +00:00
..
autofs Enable automounting of exFAT media. 2017-05-04 19:16:36 +00:00
bluetooth
casper
cron.d Conditionally handle the crontab entry for atrun(8) 2017-05-18 06:33:55 +00:00
defaults bluetooth: Default to discoverable off 2017-11-01 18:58:54 +00:00
devd Regenerate etc/devd/usb.conf 2017-10-31 23:33:24 +00:00
etc.aarch64
etc.amd64
etc.arm
etc.i386
etc.mips
etc.powerpc
etc.riscv
etc.sparc64
gss
mail
mtree Disconnect libpathconv tests since they require external perl and do not work with kyua. 2017-10-31 19:52:30 +00:00
newsyslog.conf.d Handle the logfiles in newsyslog and syslogd conditionally, based on 2017-05-13 03:10:50 +00:00
ntp Replace the leap-seconds file in r320242 from USNO - 2017-06-23 01:05:49 +00:00
pam.d Remove rcmds. 2017-10-06 08:43:14 +00:00
periodic Anticongestion refinements for ntpd rc script. This reverts r324681 2017-10-19 03:17:50 +00:00
pkg
rc.d bluetooth: Default to discoverable off 2017-11-01 18:58:54 +00:00
root Fix typo introduced in r320672 - check for existence of the right file. 2017-07-05 15:42:33 +00:00
sendmail Move /etc/ to SRCTOP 2017-03-12 18:58:55 +00:00
syslog.d Handle the logfiles in newsyslog and syslogd conditionally, based on 2017-05-13 03:10:50 +00:00
amd.map
apmd.conf
auto_master Stop appending "noatime" in the autofs -media map, and instead add it 2016-09-20 04:52:01 +00:00
blacklistd.conf Add basic blacklist build support 2016-06-02 19:06:04 +00:00
crontab Conditionally handle the crontab entry for atrun(8) 2017-05-18 06:33:55 +00:00
csh.cshrc
csh.login
csh.logout $Id$ -> $FreeBSD$ 1999-08-27 23:37:10 +00:00
ddb.conf
devd.conf Update devd.conf for ports change 421360 2017-02-27 15:32:56 +00:00
devfs.conf
dhclient.conf
disktab
fbtab
freebsd-update.conf
ftpusers
gettytab
group Fix regression introduced on r293801. 2016-01-27 06:28:56 +00:00
hosts
hosts.allow
hosts.equiv
hosts.lpd
inetd.conf Remove rcmds. 2017-10-06 08:43:14 +00:00
libalias.conf
libmap.conf
login.access
login.conf Fix handling of umtxp resource limit in sh(1)/ulimit(1), limits(1), add 2016-03-12 14:54:34 +00:00
mac.conf
Makefile Remove a atrun check that is nullified by r318443. 2017-10-21 21:58:24 +00:00
Makefile.depend
master.passwd Capitalize "LDAP" in the description field of the _ypldap entry. 2016-05-10 12:47:36 +00:00
minfree
motd
netconfig
netstart Remove NATM configuration bits and assorted NATM and ATM remnants. 2017-04-25 21:59:34 +00:00
network.subr Remove NATM configuration bits and assorted NATM and ATM remnants. 2017-04-25 21:59:34 +00:00
networks
newsyslog.conf Handle the logfiles in newsyslog and syslogd conditionally, based on 2017-05-13 03:10:50 +00:00
nls.alias
nscd.conf
nsmb.conf
nsswitch.conf Implement an NSS backend for netgroups and add getnetgrent_r(3). 2016-06-09 01:28:44 +00:00
ntp.conf Update ntp.conf to use the ntpd pool feature. 2017-01-02 15:19:22 +00:00
opieaccess
pccard_ether Do not try to recreate wlan(4) interface if it already exists. 2016-12-04 15:58:34 +00:00
pf.os
phones
portsnap.conf Now that the portsnap buildbox is generating the raw bits for INDEX-12, 2016-08-14 05:18:38 +00:00
printcap Update several more URLs 2017-10-29 08:17:03 +00:00
profile
protocols etc: minor spelling fixes. 2016-05-01 16:43:22 +00:00
rc Use checkyesno instead of rolling my own.. 2016-10-23 18:00:09 +00:00
rc.bsdextended
rc.firewall
rc.initdiskless Remove spurious $flags; it's a paste-o from copying the line from rc.subr. 2017-09-29 22:21:42 +00:00
rc.resume
rc.sendmail
rc.shutdown Since r275359, there is no need to provide a bogus service name. 2015-10-26 15:16:27 +00:00
rc.subr rc.subr: Remove test that is always true. 2017-10-15 11:28:41 +00:00
rc.suspend
regdomain.xml
remote
rpc
services Add an example inetd(8) entry for the Prometheus sysctl exporter. 2016-12-21 08:32:20 +00:00
shells
snmpd.config Move the mibII module up so uncommenting the bridge module works 2017-01-07 09:03:40 +00:00
sysctl.conf
syslog.conf Handle the logfiles in newsyslog and syslogd conditionally, based on 2017-05-13 03:10:50 +00:00
termcap.small