diff options
author | dteske <dteske@FreeBSD.org> | 2012-07-14 03:16:57 +0000 |
---|---|---|
committer | dteske <dteske@FreeBSD.org> | 2012-07-14 03:16:57 +0000 |
commit | 3981b9b76aa0266598ee7b724e5981627d8ac129 (patch) | |
tree | 8b439d31cf63b5d5c97b653a3cd721fd9961baa5 /usr.sbin/bsdconfig/security/kern_securelevel | |
parent | 5d2a55de5070f6d3a8e4b9762a397596e7b308ae (diff) | |
download | FreeBSD-src-3981b9b76aa0266598ee7b724e5981627d8ac129.zip FreeBSD-src-3981b9b76aa0266598ee7b724e5981627d8ac129.tar.gz |
Import bsdconfig(8) as a replacement for the post-install abilities of
deprecated sysinstall(8). NOTE: WITH_BSDCONFIG is currently required.
Submitted by: Devin Teske (dteske), Ron McDowell <rcm@fuzzwad.org>
Reviewed by: Ron McDowell <rcm@fuzzwad.org>
Approved by: Ed Maste (emaste)
Diffstat (limited to 'usr.sbin/bsdconfig/security/kern_securelevel')
-rwxr-xr-x | usr.sbin/bsdconfig/security/kern_securelevel | 135 |
1 files changed, 135 insertions, 0 deletions
diff --git a/usr.sbin/bsdconfig/security/kern_securelevel b/usr.sbin/bsdconfig/security/kern_securelevel new file mode 100755 index 0000000..f457e94 --- /dev/null +++ b/usr.sbin/bsdconfig/security/kern_securelevel @@ -0,0 +1,135 @@ +#!/bin/sh +#- +# Copyright (c) 2012 Devin Teske +# All Rights Reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# +############################################################ INCLUDES + +BSDCFG_LIBE="/usr/libexec/bsdconfig" +. $BSDCFG_LIBE/include/common.subr || exit 1 +f_include $BSDCFG_LIBE/include/dialog.subr +f_include $BSDCFG_LIBE/include/mustberoot.subr +f_include $BSDCFG_LIBE/include/sysrc.subr + +APP_DIR="130.security" +f_include_lang $BSDCFG_LIBE/$APP_DIR/include/messages.subr + +ipgm=$( f_index_menu_selection $BSDCFG_LIBE/$APP_DIR/INDEX "$pgm" ) +[ $? -eq $SUCCESS -a "$ipgm" ] && pgm="$ipgm" + +############################################################ FUNCTIONS + +# dialog_menu_main +# +# Display the dialog(1)-based application main menu. +# +dialog_menu_main() +{ + local menu_list size + local hline="$hline_select_securelevel_to_operate_at" + local prompt="$msg_securelevels_menu_text" + + menu_list=" + 'X $msg_exit' '$msg_exit_this_menu' + '$msg_disabled' '$msg_disable_securelevels' + '$msg_secure' '$msg_secure_mode' + '$msg_highly_secure' '$msg_highly_secure_mode' + '$msg_network_secure' '$msg_network_secure_mode' + " # END-QUOTE + + size=$( eval f_dialog_menu_size \ + \"\$DIALOG_TITLE\" \ + \"\$DIALOG_BACKTITLE\" \ + \"\$prompt\" \ + \"\$hline\" \ + $menu_list ) + + eval $DIALOG \ + --clear --title \"\$DIALOG_TITLE\" \ + --backtitle \"\$DIALOG_BACKTITLE\" \ + --hline \"\$hline\" \ + --ok-label \"\$msg_ok\" \ + --cancel-label \"\$msg_cancel\" \ + --menu \"\$prompt\" $size \ + $menu_list \ + 2> "$DIALOG_TMPDIR/dialog.menu.$$" +} + +############################################################ MAIN + +# Incorporate rc-file if it exists +[ -f "$HOME/.bsdconfigrc" ] && f_include "$HOME/.bsdconfigrc" + +# +# Process command-line arguments +# +while getopts hSX flag; do + case "$flag" in + h|\?) f_usage $BSDCFG_LIBE/$APP_DIR/USAGE "PROGRAM_NAME" "$pgm";; + esac +done +shift $(( $OPTIND - 1 )) + +# +# Initialize +# +f_dialog_init +f_dialog_title "$msg_securelevels_menu_title" +f_dialog_backtitle "${ipgm:+bsdconfig }$pgm" +f_mustberoot_init + +# +# Launch application main menu +# +dialog_menu_main +retval=$? +mtag=$( f_dialog_menutag ) + +[ $retval -eq 0 ] || f_die + +case "$mtag" in +"$msg_disabled") + f_sysrc_set kern_securelevel_enable "NO" + ;; +"$msg_secure") + f_sysrc_set kern_securelevel_enable "YES" + f_sysrc_set kern_securelevel "1" + ;; +"$msg_highly_secure") + f_sysrc_set kern_securelevel_enable "YES" + f_sysrc_set kern_securelevel "2" + ;; +"$msg_network_secure") + f_sysrc_set kern_securelevel_enable "YES" + f_sysrc_set kern_securelevel "3" + ;; +esac + +exit $SUCCESS + +################################################################################ +# END +################################################################################ |