author | jkh <jkh@FreeBSD.org> | 2000-10-14 21:02:31 +0000 |
---|---|---|
committer | jkh <jkh@FreeBSD.org> | 2000-10-14 21:02:31 +0000 |
commit | 33cf0a74b86756a086c4142d172544683cdfe9d3 (patch) | |
tree | af2fe11d82a6e892316669c2960332ac77f69737 /usr.sbin/sysinstall/config.c | |
parent | 08327bbc406a9acb2b8422aef17971ed8ec83740 (diff) | |
Add another security configuration profile, call it "high" and
rename the previous one to indicate that it's not just high, it's
extreme (everything off, secure level raised).
Submitted mostly by: Tony Finch <dot@dotat.at>
Diffstat (limited to 'usr.sbin/sysinstall/config.c')
-rw-r--r-- | usr.sbin/sysinstall/config.c | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/usr.sbin/sysinstall/config.c b/usr.sbin/sysinstall/config.c
index 7fd7a64..5c2e24a 100644
--- a/usr.sbin/sysinstall/config.c
+++ b/usr.sbin/sysinstall/config.c
@@ -493,6 +493,31 @@ configSecurityFascist(dialogMenuItem *self)
 
 /* More fascist stuff should go here */
 if (self)
+ msgConfirm("Extreme security settings have been selected.\n\n"
+ "This means that all \"popular\" network services and\n"
+ "mechanisms like inetd(8) have been DISABLED by default.\n\n"
+ "PLEASE NOTE that this still does not save you from having\n"
+ "to properly secure your system in other ways or exercise\n"
+ "due diligence in your administration, this simply picks\n"
+ "a more secure set of out-of-box defaults to start with.\n\n"
+ "To change any of these settings later, edit /etc/rc.conf");
+
+ restorescr(w);
+ return DITEM_SUCCESS;
+}
+
+int
+configSecurityHigh(dialogMenuItem *self)
+{
+ WINDOW *w = savescr();
+
+ variable_set2("inetd_enable", "NO", 1);
+ variable_set2("sendmail_enable", "YES", 1);
+ variable_set2("sshd_enable", "YES", 1);
+ variable_set2("portmap_enable", "NO", 1);
+ variable_set2("nfs_server_enable", "NO", 1);
+
+ if (self)
 msgConfirm("High security settings have been selected.\n\n"
 "This means that most \"popular\" network services and\n"
 "mechanisms like inetd(8) have been DISABLED by default.\n\n" |
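Review bot: configSecurityHigh() leaves two listening daemons on (`sendmail_enable` and `sshd_enable` are set to `"YES"`), but the dialog text visible in the hunk only says that most services are disabled and never names what stays reachable from the network. The msgConfirm string continues past the end of the hunk, so this may already be covered there; if it is not, add a line such as `"sendmail(8) and sshd(8) remain ENABLED; turn them off in /etc/rc.conf if unused.\n\n"`. A one-line comment above the function, `/* High: inetd, portmap and NFS server off; sendmail and sshd left on. */`, would record the intended exposure next to the knobs. The new profile also writes only these five variables, so anything set by a previously selected profile (for example the raised secure level the commit message attributes to the extreme profile) presumably stays in place when the user switches to High; that is worth confirming and, if so, resetting explicitly.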