diff options
author | rwatson <rwatson@FreeBSD.org> | 2001-12-21 19:51:44 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2001-12-21 19:51:44 +0000 |
commit | 6b6187c5ffb4f5c24ac294342ae4a149673ca0b2 (patch) | |
tree | c01661fb052794de2c587c28600965c0782e5727 /usr.sbin | |
parent | 748fd602244c4f8e5a41d22992ce946e0de1ab0c (diff) | |
download | FreeBSD-src-6b6187c5ffb4f5c24ac294342ae4a149673ca0b2.zip FreeBSD-src-6b6187c5ffb4f5c24ac294342ae4a149673ca0b2.tar.gz |
o Expand the text describing the Security options menu.
o Move nfs_reserved_port_only out of security profiles (where it was
set somewhat improperly) to the Security options menu directly.
Previously, the variable was set to true for Moderate, but not for
Extreme, which is at best inconsistent.
o Update the Security Profiles help file to remove reference to the
NFS reserved port.
o Note that the kernel currently defaults the sysctl to '0', but
sysinstall has changed it to '1' as a default as of late; however,
rc.conf sets the value to NO as the default. This change brings
them relatively into sync.
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/sade/config.c | 1 | ||||
-rw-r--r-- | usr.sbin/sade/menus.c | 7 | ||||
-rw-r--r-- | usr.sbin/sysinstall/config.c | 1 | ||||
-rw-r--r-- | usr.sbin/sysinstall/help/security.hlp | 6 | ||||
-rw-r--r-- | usr.sbin/sysinstall/menus.c | 7 |
5 files changed, 12 insertions, 10 deletions
diff --git a/usr.sbin/sade/config.c b/usr.sbin/sade/config.c index cf68adb..fcf0d03 100644 --- a/usr.sbin/sade/config.c +++ b/usr.sbin/sade/config.c @@ -532,7 +532,6 @@ configSecurityModerate(dialogMenuItem *self) { WINDOW *w = savescr(); - variable_set2("nfs_reserved_port_only", "YES", 1); variable_set2("sendmail_enable", "YES", 1); variable_set2("sshd_enable", "YES", 1); variable_set2("kern_securelevel_enable", "NO", 1); diff --git a/usr.sbin/sade/menus.c b/usr.sbin/sade/menus.c index 3e18789..bfbb317 100644 --- a/usr.sbin/sade/menus.c +++ b/usr.sbin/sade/menus.c @@ -2083,7 +2083,10 @@ DMenu MenuSecurity = { DMENU_CHECKLIST_TYPE | DMENU_SELECTION_RETURNS, "System Security Options Menu", "This menu allows you to configure aspects of the operating systme\n" - "policy.\n", + "policy. If configured improperly, these settings may result in\n" + "substantially impaired system operation. Please read the system\n" + "documentation carefully before modifying these settings. Many\n" + "settings will take affect only following a system reboot.", "Configure system security options", NULL, { { "X Exit", "Exit this menu (returning to previous)", @@ -2092,6 +2095,8 @@ DMenu MenuSecurity = { NULL, configSecurityProfile }, { " LOMAC", "Use Low Watermark Mandatory Access Control at boot", dmenuVarCheck, dmenuToggleVariable, NULL, "lomac_enable=YES" }, + { " NFS port", "Require that the NFS clients used reserved ports", + dmenuVarCheck, dmenuToggleVariable, NULL, "nfs_reserved_port_only=YES" }, { NULL } }, }; diff --git a/usr.sbin/sysinstall/config.c b/usr.sbin/sysinstall/config.c index cf68adb..fcf0d03 100644 --- a/usr.sbin/sysinstall/config.c +++ b/usr.sbin/sysinstall/config.c @@ -532,7 +532,6 @@ configSecurityModerate(dialogMenuItem *self) { WINDOW *w = savescr(); - variable_set2("nfs_reserved_port_only", "YES", 1); variable_set2("sendmail_enable", "YES", 1); variable_set2("sshd_enable", "YES", 1); variable_set2("kern_securelevel_enable", "NO", 1); diff --git a/usr.sbin/sysinstall/help/security.hlp b/usr.sbin/sysinstall/help/security.hlp index ee172ff..33e52e2 100644 --- a/usr.sbin/sysinstall/help/security.hlp +++ b/usr.sbin/sysinstall/help/security.hlp @@ -5,12 +5,6 @@ profiles: Extreme Medium ------- ------ -nfs_server NO * sendmail NO YES sshd NO YES securelevel YES (2) NO - - -NOTES: -* If the machine has been configured as an NFS server, NFS will only run - on a reserved port. diff --git a/usr.sbin/sysinstall/menus.c b/usr.sbin/sysinstall/menus.c index 3e18789..bfbb317 100644 --- a/usr.sbin/sysinstall/menus.c +++ b/usr.sbin/sysinstall/menus.c @@ -2083,7 +2083,10 @@ DMenu MenuSecurity = { DMENU_CHECKLIST_TYPE | DMENU_SELECTION_RETURNS, "System Security Options Menu", "This menu allows you to configure aspects of the operating systme\n" - "policy.\n", + "policy. If configured improperly, these settings may result in\n" + "substantially impaired system operation. Please read the system\n" + "documentation carefully before modifying these settings. Many\n" + "settings will take affect only following a system reboot.", "Configure system security options", NULL, { { "X Exit", "Exit this menu (returning to previous)", @@ -2092,6 +2095,8 @@ DMenu MenuSecurity = { NULL, configSecurityProfile }, { " LOMAC", "Use Low Watermark Mandatory Access Control at boot", dmenuVarCheck, dmenuToggleVariable, NULL, "lomac_enable=YES" }, + { " NFS port", "Require that the NFS clients used reserved ports", + dmenuVarCheck, dmenuToggleVariable, NULL, "nfs_reserved_port_only=YES" }, { NULL } }, }; |