diff options
| author | rwatson <rwatson@FreeBSD.org> | 2003-11-28 18:47:45 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2003-11-28 18:47:45 +0000 |
| commit | e983c8d12df02353a044c03cba700a236381ae1f (patch) | |
| tree | 7438a7ba82574b8c95f31336320c09863c426e53 /usr.sbin/sade/config.c | |
| parent | 769360c4407229ea650d8944b6bdd883adcdf365 (diff) | |
| download | FreeBSD-src-e983c8d12df02353a044c03cba700a236381ae1f.zip FreeBSD-src-e983c8d12df02353a044c03cba700a236381ae1f.tar.gz | |
Remove security profiles from sysinstall. Currently, security profile
selection is used to drive two configuration parameters:
(1) Default enable/disable for sshd
(2) Default enable/disable for securelevels
Replace this with an explicit choice to enable/disable sshd. A
follow-up commit will add a configuration option to the Security
post-install configuration menu to set the securelevel in rc.conf
explicitly. This should reduce the level of foot-shooting associated
with accidental enabling of securelevels, make the nature and
implications of the securelevel configuration options more explicit,
as well as make the choice to enable/disable sshd more explicit.
Approved by: re (scottl)
Diffstat (limited to 'usr.sbin/sade/config.c')
| -rw-r--r-- | usr.sbin/sade/config.c | 57 |
1 files changed, 0 insertions, 57 deletions
diff --git a/usr.sbin/sade/config.c b/usr.sbin/sade/config.c index b67e5aa6..570cb61 100644 --- a/usr.sbin/sade/config.c +++ b/usr.sbin/sade/config.c @@ -547,63 +547,6 @@ configSecurity(dialogMenuItem *self) return DITEM_SUCCESS; } -int -configSecurityProfile(dialogMenuItem *self) -{ - WINDOW *w = savescr(); - - dialog_clear_norefresh(); - dmenuOpenSimple(&MenuSecurityProfile, FALSE); - restorescr(w); - return DITEM_SUCCESS; -} - -/* Use the most extreme security settings */ -int -configSecurityExtreme(dialogMenuItem *self) -{ - WINDOW *w = savescr(); - - variable_set2("sshd_enable", "NO", 1); - variable_set2("kern_securelevel_enable", "YES", 1); - variable_set2("kern_securelevel", "2", 1); - - if (self) - msgConfirm("Extreme security settings have been selected.\n\n" - "Sshd has been disabled, and kernel security levels have" - "been enabled.\n\n" - "PLEASE NOTE that this still does not save you from having\n" - "to properly secure your system in other ways or exercise\n" - "due diligence in your administration, this simply picks\n" - "a more secure set of out-of-box defaults to start with.\n\n" - "To change any of these settings later, edit /etc/rc.conf"); - - restorescr(w); - return DITEM_SUCCESS; -} - -int -configSecurityModerate(dialogMenuItem *self) -{ - WINDOW *w = savescr(); - - variable_set2("sshd_enable", "YES", 1); - variable_set2("kern_securelevel_enable", "NO", 1); - - if (self) - msgConfirm("Moderate security settings have been selected.\n\n" - "Sshd has been enabled and kernel securelevels are disabled;\n" - "all other settings have been left intact.\n\n" - "PLEASE NOTE that this still does not save you from having\n" - "to properly secure your system in other ways or exercise\n" - "due diligence in your administration, this simply picks\n" - "a standard set of out-of-box defaults to start with.\n\n" - "To change any of these settings later, edit /etc/rc.conf"); - - restorescr(w); - return DITEM_SUCCESS; -} - static void write_root_xprofile(char *str) { |
