author | Renato Botelho <renato@netgate.com> | 2016-08-30 09:16:26 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2016-08-30 09:16:26 -0300 |
commit | e2fb654fb7e1727e7fc2778c4c2fbd8b4733fe37 (patch) | |
tree | 95094d421c5ebf0b854e407b2c8cf95cd477cfe6 /usr.sbin/bsdinstall/scripts/hardening | |
parent | 5f4dbd408a354e294fdffc23ee889af03b7cfc28 (diff) | |
parent | 291ace88ce68593a48f5106c882907a01e40b0ec (diff) | |
Merge remote-tracking branch 'origin/stable/11' into devel-11
Diffstat (limited to 'usr.sbin/bsdinstall/scripts/hardening')
-rwxr-xr-x | usr.sbin/bsdinstall/scripts/hardening | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/usr.sbin/bsdinstall/scripts/hardening b/usr.sbin/bsdinstall/scripts/hardening
index 197ba1e..130a9f7 100755
--- a/usr.sbin/bsdinstall/scripts/hardening
+++ b/usr.sbin/bsdinstall/scripts/hardening
@@ -29,6 +29,7 @@
 : ${DIALOG_OK=0}
 echo -n > $BSDINSTALL_TMPETC/rc.conf.hardening
+echo -n > $BSDINSTALL_TMPETC/sysctl.conf.hardening
 exec 3>&1
 FEATURES=$( dialog --backtitle "FreeBSD Installer" \
@@ -39,7 +40,7 @@ FEATURES=$( dialog --backtitle "FreeBSD Installer" \
 "hide_gids" "Hide processes running as other groups" ${hide_gids:-off} \
 "read_msgbuf" "Disable reading kernel message buffer for unprivileged users" ${read_msgbuf:-off} \
 "proc_debug" "Disable process debugging facilities for unprivileged users" ${proc_debug:-off} \
- "random_pid" "Randomize the PID of newly created processes" ${random_id:-off} \
+ "random_pid" "Randomize the PID of newly created processes" ${random_pid:-off} \
 "stack_guard" "Insert stack guard page ahead of the growable segments" ${stack_guard:-off} \
 "clear_tmp" "Clean the /tmp filesystem on system startup" ${clear_tmp:-off} \
 "disable_syslogd" "Disable opening Syslogd network socket (disables remote logging)" ${disable_syslogd:-off} \
@@ -60,7 +61,7 @@ for feature in $FEATURES; do
 if [ "$feature" = "proc_debug" ]; then
 echo security.bsd.unprivileged_proc_debug=0 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening
 fi
- if [ "$feature" = "random_id" ]; then
+ if [ "$feature" = "random_pid" ]; then
 echo kern.randompid=$(jot -r 1 9999) >> $BSDINSTALL_TMPETC/sysctl.conf.hardening
 fi
 if [ "$feature" = "stack_guard" ]; then
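Review bot: The added truncation `echo -n > $BSDINSTALL_TMPETC/sysctl.conf.hardening` expands `BSDINSTALL_TMPETC` unquoted and without checking that it is set. If the variable is empty or unset, the file is created at `/sysctl.conf.hardening`, and the `>>` appends in the feature loop of the last hunk go to the same place. The existing rc.conf.hardening line just above has the same shape. I would write `: > "${BSDINSTALL_TMPETC:?}/sysctl.conf.hardening"`, which aborts the script when the variable is missing and does not depend on `echo -n`, whose behaviour differs between sh implementations.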
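Review bot: The `kern.randompid=$(jot -r 1 9999)` line guarded by the corrected test has no comment. It only starts taking effect with this fix, because the checklist tag `random_pid` could never match the old `random_id` comparison. jot's positional arguments are reps and then begin, so this appears to request one random value with 9999 as one bound and the other bound left at jot's default, rather than a 1–9999 range; this is worth confirming against jot(1). I would add a comment above it such as `# one random value for kern.randompid; jot args are reps=1, begin=9999, end left at the jot(1) default`. The enclosing `for feature in $FEATURES` loop starts and ends outside the hunk.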