| /freebsd/crypto/openssl/doc/man3/ |
| H A D | SSL_CTX_set_security_level.pod | 5 …rity_ex_data, SSL_CTX_get0_security_ex_data, SSL_get0_security_ex_data - SSL/TLS security framework
42 the security level to B<level>. If not set the library default security level
46 retrieve the current security level.
50 the security callback associated with B<ctx> or B<s>. If not set a default
51 security callback is used. The meaning of the parameters and the behaviour
62 If an application doesn't set its own security callback the default
75 The security level corresponds to a minimum of 80 bits of security. Any
76 parameters offering below 80 bits of security are excluded. As a result RSA,
79 less than 80 bits of security. SSL version 2 is prohibited. Any cipher suite
81 and MD5 are also forbidden at this level as they have less than 80 security
[all …]
|
| /freebsd/secure/lib/libcrypto/man/man3/ |
| H A D | SSL_CTX_set_security_level.3 | 140 …ity_ex_data, SSL_CTX_get0_security_ex_data, SSL_get0_security_ex_data \- SSL/TLS security framework
177 the security level to \fBlevel\fR. If not set the library default security level
181 retrieve the current security level.
185 the security callback associated with \fBctx\fR or \fBs\fR. If not set a default
186 security callback is used. The meaning of the parameters and the behaviour
196 If an application doesn't set its own security callback the default
205 The security level corresponds to a minimum of 80 bits of security. Any
206 parameters offering below 80 bits of security are excluded. As a result \s-1RSA,
209 less than 80 bits of security. \s-1SSL\s0 version 2 is prohibited. Any cipher suite
211 and \s-1MD5\s0 are also forbidden at this level as they have less than 80 security
[all …]
|
| /freebsd/share/man/man7/ |
| H A D | sdoc.7 | 35 .Nd guide to adding security considerations sections to manual pages
38 adding security considerations sections to manual pages.
47 system should contain a security considerations section
48 describing what security requirements can be broken
53 On one hand, security consideration sections must not be too verbose,
55 On the other hand, security consideration sections must not be incomplete,
59 in the security consideration section for a given feature of the
64 those general security requirements that can be violated
66 There are four classes of security requirements:
81 A good security considerations section
[all …]
|
| H A D | security.7 | 33 .Nm security
34 .Nd introduction to security under FreeBSD
42 security related topics.
44 Security is a function that begins and ends with the system administrator.
47 multi-user systems have some inherent security, the job of building and
48 maintaining additional security mechanisms to keep users
53 only as secure as you make them, and security concerns are ever competing
62 security becomes an ever bigger issue.
64 Security is best implemented through a layered onion approach.
66 what you want to do is to create as many layers of security as are convenient
[all …]
|
| /freebsd/lib/libgssapi/ |
| H A D | gssapi.3 | 32 .Nd "Generic Security Services API"
38 The Generic Security Service Application Programming Interface
39 provides security services to its callers,
43 security enhancements are integrated through invocation of services
48 and to apply security services such as confidentiality and integrity
60 A pair of communicating applications establish a joint security
62 The security context is a pair of GSS-API data structures that contain
64 security services may be provided.
66 a security context are cryptographic keys,
68 As part of the establishment of a security context,
[all …]
|
| H A D | gss_export_sec_context.3 | 33 .Nd Transfer a security context to another process
48 requests and accepts security contexts over them,
52 deactivates the security context for the calling process and creates
60 a subsequent attempt by a context exporter to access the exported security context will fail.
64 either as a function of local security policy,
71 The interprocess token may contain security-sensitive information
84 associated with the security context,
88 export of the security context,
90 and should strive to leave the security context referenced by the
94 it is permissible for the implementation to delete the security
[all …]
|
| H A D | gss_delete_sec_context.3 | 33 .Nd Discard a security context
45 Delete a security context.
48 security context,
56 No further security services may be obtained using the context
60 In addition to deleting established security contexts,
62 must also be able to delete "half-built" security contexts resulting
124 Generic Security Service Application Program Interface Version 2, Update 1
126 Generic Security Service API Version 2 : C-bindings
|
| /freebsd/lib/librpcsec_gss/ |
| H A D | rpcsec_gss.3 | 37 is a security mechanism for the RPC protocol.
38 It uses the Generic Security Service API (GSS-API) to establish a
39 security context between a client and a server and to ensure that all
50 to establish a security context.
57 This type defines the types of security service required for
69 creating a security context.
79 Various details of the created security context are returned using
113 security context.
117 const char *mechanism; /* security mechanism */
178 Create a new security context
[all …]
|
| H A D | rpc_gss_seccreate.3 | 30 .Nd "create a security context using the RPCSEC_GSS protocol"
46 This function is used to establish a security context between an
58 The desired mechanism for this security context.
59 The value of mechanism should be the name of one of the security
78 Extra security context options to be passed to the underlying GSS-API
90 If the security context was created successfully, a pointer to an
93 To use this security context for subsequent RPC calls, set
|
| /freebsd/crypto/heimdal/appl/ftp/ftpd/ |
| H A D | Makefile.am | 24 security.c \
32 $(ftpd_OBJECTS): security.h
34 security.c:
35 @test -f security.c || $(LN_S) $(srcdir)/../ftp/security.c .
36 security.h:
37 @test -f security.h || $(LN_S) $(srcdir)/../ftp/security.h .
41 CLEANFILES = security.c security.h gssapi.c
|
| /freebsd/crypto/openssh/contrib/aix/ |
| H A D | pam.conf | 7 sshd auth required /usr/lib/security/pam_aix
8 OTHER auth required /usr/lib/security/pam_aix
11 sshd account required /usr/lib/security/pam_aix
12 OTHER account required /usr/lib/security/pam_aix
15 sshd password required /usr/lib/security/pam_aix
16 OTHER password required /usr/lib/security/pam_aix
19 sshd session required /usr/lib/security/pam_aix
20 OTHER session required /usr/lib/security/pam_aix
|
| /freebsd/tests/sys/kern/ |
| H A D | sysctl_security_jail_children.sh | 36 origin_max=$(sysctl -n security.jail.children.max)
37 origin_cur=$(sysctl -n security.jail.children.cur)
52 atf_check_equal "$((origin_cur + 1))" "$(sysctl -n security.jail.children.cur)"
53 atf_check_equal "0" "$(jexec childfree sysctl -n security.jail.children.max)"
54 atf_check_equal "0" "$(jexec childfree sysctl -n security.jail.children.cur)"
57 atf_check_equal "$((origin_cur + 2))" "$(sysctl -n security.jail.children.cur)"
58 atf_check_equal "$((origin_max - 1))" "$(jexec maxallowed sysctl -n security.jail.children.max)"
59 atf_check_equal "0" "$(jexec maxallowed sysctl -n security.jail.children.cur)"
62 atf_check_equal "$((origin_cur + 3))" "$(sysctl -n security.jail.children.cur)"
63 atf_check_equal "1" "$(jexec maxallowed sysctl -n security.jail.children.cur)"
[all …]
|
| /freebsd/usr.sbin/periodic/ |
| H A D | periodic.conf | 90 if [ $(sysctl -n security.jail.jailed) = 0 ]; then
160 # 450.status-security
161 daily_status_security_enable="YES" # Security check
162 # See also "Security options" below for more options
222 # 450.status-security
223 weekly_status_security_enable="YES" # Security check
224 # See also "Security options" above for more options
247 # 450.status-security
248 monthly_status_security_enable="YES" # Security check
249 # See also "Security options" above for more options
[all …]
|
| /freebsd/crypto/openssh/contrib/ |
| H A D | sshd.pam.generic | 2 auth required /lib/security/pam_unix.so shadow nodelay
3 account required /lib/security/pam_nologin.so
4 account required /lib/security/pam_unix.so
5 password required /lib/security/pam_cracklib.so
6 password required /lib/security/pam_unix.so shadow nullok use_authtok
7 session required /lib/security/pam_unix.so
8 session required /lib/security/pam_limits.so
|
| /freebsd/share/man/man4/ |
| H A D | mac_portacl.4 | 6 .\" Security Research Division of Network Associates, Inc. under
99 .Va security.mac.portacl.port_high
109 .Va security.mac.portacl.suser_exempt
118 .Va security.mac.portacl.rules ,
124 .It Va security.mac.portacl.enabled
129 .It Va security.mac.portacl.port_high
134 .It Va security.mac.portacl.rules
166 NOTE: MAC security policies may not override other security system policies
177 .It Va security.mac.portacl.suser_exempt
183 .It Va security.mac.portacl.autoport_exempt
[all …]
|
| H A D | ipsec.4 | 35 .Nd Internet Protocol Security protocol
47 is a security protocol implemented within the Internet Protocol layer
57 (for Encapsulating Security Payload)
63 that provide security services for IP datagrams.
75 and is designed for security gateways such as VPN endpoints.
101 is the process of associating keys with security associations, also
103 Policy management dictates when new security
155 may be used to configure per-socket security policies.
176 which means that if there is a security association then use it but if
182 which requires that a security association must exist for the packets
[all …]
|
| H A D | mac_bsdextended.4 | 6 .\" Security Research Division of Network Associates, Inc. under
59 security policy module provides an interface for the system administrator
94 .It Va security.mac.bsdextended.enabled
96 .It Va security.mac.bsdextended.rule_count
99 .It Va security.mac.bsdextended.rule_slots
101 .It Va security.mac.bsdextended.firstmatch_enabled
105 .It Va security.mac.bsdextended.logging
110 .It Va security.mac.bsdextended.rules
144 Project by NAI Labs, the Security Research Division of Network Associates
|
| H A D | mac_seeotheruids.4 | 6 .\" Security Research Division of Network Associates, Inc. under
66 .Va security.mac.seeotheruids.enabled
70 .Va security.mac.seeotheruids.suser_privileged
75 .Va security.mac.seeotheruids.primarygroup_enabled
80 .Va security.mac.seeotheruids.specificgid_enabled
82 .Va security.mac.seeotheruids.specificgid
112 the Security Research Division of Network Associates
|
| /freebsd/lib/libpam/libpam/ |
| H A D | Makefile | 8 # ThinkSec AS and NAI Labs, the Security Research Division of Network
164 HEADERS= security/openpam.h \
165 security/openpam_attr.h \
166 security/openpam_version.h \
167 security/pam_appl.h \
168 security/pam_constants.h \
169 security/pam_modules.h \
170 security/pam_types.h \
172 ADD_HEADERS= security/pam_mod_misc.h
176 INCSDIR= ${INCLUDEDIR}/security
|
| /freebsd/share/man/man9/ |
| H A D | mac.9 | 9 .\" Associates Laboratories, the Security Research Division of Network
52 introduced system security modules to modify system security functionality.
53 This can be used to support a variety of new security services, including
58 The framework then calls out to security modules to offer them the
59 opportunity to modify security behavior at those MAC API entry points.
60 Both consumers of the API (normal kernel services) and security modules
85 framework and modules may retrieve security labels and attributes from the
131 developers maintain awareness of when security checks or relevant
171 Project by Network Associates Laboratories, the Security Research
182 and implemented by the Network Associates Laboratories Network Security
|
| /freebsd/contrib/openbsm/man/ |
| H A D | audit_warn.5 | 46 .Pa /etc/security/audit_messages .
52 .Bl -tag -width ".Pa /etc/security/audit_messages" -compact
53 .It Pa /etc/security/audit_warn
54 .It Pa /etc/security/audit_messages
60 The OpenBSM implementation was created by McAfee Research, the security
66 This software was created by McAfee Research, the security research division
73 The Basic Security Module (BSM) interface to audit records and audit event
|
| /freebsd/contrib/unbound/ |
| H A D | SECURITY.md | 1 # Security Policy
9 highest minor and patch version level. We do not backport security fixes to
25 We take security very seriously. If you have discovered a security vulnerability
27 encrypted message to our Security Entry Point.
31 https://www.nlnetlabs.nl/security-report/
|
| /freebsd/tests/sys/mac/portacl/ |
| H A D | misc.sh | 3 sysctl security.mac.portacl >/dev/null 2>&1
66 sysctl security.mac.portacl.rules= >/dev/null
84 sysctl security.mac.portacl.rules=${idtype}:${idstr}:${proto}:${port} >/dev/null
95 sysctl security.mac.portacl.rules= >/dev/null
99 suser_exempt=$(sysctl -n security.mac.portacl.suser_exempt)
100 port_high=$(sysctl -n security.mac.portacl.port_high)
104 sysctl -n security.mac.portacl.suser_exempt=${suser_exempt} >/dev/null
105 sysctl -n security.mac.portacl.port_high=${port_high} >/dev/null
|
| H A D | root_test.sh | 8 # Verify if security.mac.portacl.suser_exempt=1 really exempts super-user.
12 sysctl security.mac.portacl.suser_exempt=1 >/dev/null
24 # Verify if security.mac.portacl.suser_exempt=0 really doesn't exempt super-user.
26 sysctl security.mac.portacl.suser_exempt=0 >/dev/null
38 # Verify if security.mac.portacl.port_high works for super-user.
40 sysctl security.mac.portacl.port_high=7778 >/dev/null
|
| /freebsd/contrib/openbsm/bin/praudit/ |
| H A D | praudit.1 | 88 .Pa /etc/security/audit_event ;
94 .Bl -tag -width ".Pa /etc/security/audit_control" -compact
95 .It Pa /etc/security/audit_class
97 .It Pa /etc/security/audit_event
107 The OpenBSM implementation was created by McAfee Research, the security
113 This software was created by McAfee Research, the security research division
120 The Basic Security Module (BSM) interface to audit records and audit event
|