diff options
| author | rwatson <rwatson@FreeBSD.org> | 2003-11-29 21:44:51 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2003-11-29 21:44:51 +0000 |
| commit | f02bee695e62d94d0603bdd065d7d9b96c917238 (patch) | |
| tree | d7675449c1b7dc81d6d58017ad10b69d8014bc0a /usr.sbin/sade/menus.c | |
| parent | 946a19bc52b1d1001bcb8bd52380e1ffa8bdc52d (diff) | |
| download | FreeBSD-src-f02bee695e62d94d0603bdd065d7d9b96c917238.zip FreeBSD-src-f02bee695e62d94d0603bdd065d7d9b96c917238.tar.gz | |
Add a Securelevel sub-menu to the Security configuration menu,
permitting the administrator to select a securelevel top operate
at. Include a helpfile summarizing some of the information from
init(8). This allows for explicit configuration of securelevels,
which was previously implicit in Security Profile selection.
Currently, there are no checkboxes for the active securelevel,
because sysinstall's facilities for deriving "current settings"
from rc.conf may use only one variable, not two, and I opted for
the simplest approach at this point.
Approved by: re (scottl)
Diffstat (limited to 'usr.sbin/sade/menus.c')
| -rw-r--r-- | usr.sbin/sade/menus.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/usr.sbin/sade/menus.c b/usr.sbin/sade/menus.c index ef4608c..46b7270 100644 --- a/usr.sbin/sade/menus.c +++ b/usr.sbin/sade/menus.c @@ -2229,6 +2229,8 @@ DMenu MenuSecurity = { NULL, { { "X Exit", "Exit this menu (returning to previous)", checkTrue, dmenuExit, NULL, NULL, '<', '<', '<' }, + { " Securelevel", "Configure securelevels for the system", + NULL, configSecurelevel }, #if 0 { " LOMAC", "Use Low Watermark Mandatory Access Control at boot", dmenuVarCheck, dmenuToggleVariable, NULL, "lomac_enable=YES" }, @@ -2238,6 +2240,28 @@ DMenu MenuSecurity = { { NULL } }, }; +DMenu MenuSecurelevel = { + DMENU_NORMAL_TYPE | DMENU_SELECTION_RETURNS, + "Securelevel Configuration Menu", + "This menu allows you to select the securelevel your system runs with.\n" + "When operating at a securelevel, certain root privileges are disabled,\n" + "which may increase resistance to exploits and protect system integrity.\n" + "In secure mode system flags may not be overriden by the root user,\n" + "access to direct kernel memory is limited, and kernel modules may not\n" + "be changed. In highly secure mode, mounted file systems may not be\n" + "modified on-disk, tampering with the system clock is prohibited. In\n" + "network secure mode configuration changes to firwalling are prohibited.\n", + "Select a securelevel to operate at - F1 for help", + "securelevel", + { { "X Exit", "Exit this menu (returning to previous)", + checkTrue, dmenuExit, NULL, NULL, '<', '<', '<' }, + { "Disabled", "Disable securelevels", NULL, configSecurelevelDisabled, }, + { "Secure", "Secure mode", NULL, configSecurelevelSecure }, + { "Highly Secure", "Highly secure mode", NULL, configSecurelevelHighlySecure }, + { "Network Secure", "Network secure mode", NULL, configSecurelevelNetworkSecure }, + { NULL } } +}; + DMenu MenuFixit = { DMENU_NORMAL_TYPE, "Please choose a fixit option", |
