authorjkh <jkh@FreeBSD.org>2000-10-14 21:02:31 +0000
committerjkh <jkh@FreeBSD.org>2000-10-14 21:02:31 +0000
commit33cf0a74b86756a086c4142d172544683cdfe9d3 (patch)
treeaf2fe11d82a6e892316669c2960332ac77f69737 /usr.sbin
parent08327bbc406a9acb2b8422aef17971ed8ec83740 (diff)
Add another security configuration profile, call it "high" and
rename the previous one to indicate that it's not just high, it's extreme (everything off, secure level raised). Submitted mostly by: Tony Finch <dot@dotat.at>
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/sade/config.c25
-rw-r--r--usr.sbin/sade/menus.c3
-rw-r--r--usr.sbin/sade/sade.h1
-rw-r--r--usr.sbin/sysinstall/config.c25
-rw-r--r--usr.sbin/sysinstall/menus.c3
-rw-r--r--usr.sbin/sysinstall/sysinstall.h1
6 files changed, 56 insertions, 2 deletions
diff --git a/usr.sbin/sade/config.c b/usr.sbin/sade/config.c
index 7fd7a64..5c2e24a 100644
--- a/usr.sbin/sade/config.c
+++ b/usr.sbin/sade/config.c
@@ -493,6 +493,31 @@ configSecurityFascist(dialogMenuItem *self)
/* More fascist stuff should go here */
if (self)
+ msgConfirm("Extreme security settings have been selected.\n\n"
+ "This means that all \"popular\" network services and\n"
+ "mechanisms like inetd(8) have been DISABLED by default.\n\n"
+ "PLEASE NOTE that this still does not save you from having\n"
+ "to properly secure your system in other ways or exercise\n"
+ "due diligence in your administration, this simply picks\n"
+ "a more secure set of out-of-box defaults to start with.\n\n"
+ "To change any of these settings later, edit /etc/rc.conf");
+
+ restorescr(w);
+ return DITEM_SUCCESS;
+}
+
+int
+configSecurityHigh(dialogMenuItem *self)
+{
+ WINDOW *w = savescr();
+
+ variable_set2("inetd_enable", "NO", 1);
+ variable_set2("sendmail_enable", "YES", 1);
+ variable_set2("sshd_enable", "YES", 1);
+ variable_set2("portmap_enable", "NO", 1);
+ variable_set2("nfs_server_enable", "NO", 1);
+
+ if (self)
msgConfirm("High security settings have been selected.\n\n"
"This means that most \"popular\" network services and\n"
"mechanisms like inetd(8) have been DISABLED by default.\n\n"
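Review bot: configSecurityHigh sets `sendmail_enable` and `sshd_enable` to "YES", yet the confirmation dialog that follows only says that most popular network services have been DISABLED, so the user is never told which listeners this profile leaves running. I would add a line to the message such as `"sendmail(8) and sshd(8) remain ENABLED.\n\n"`. The function also assigns only five variables, so anything else the Extreme profile changed (the commit message mentions a raised secure level; that code is outside the hunk) presumably stays in effect if High is picked afterwards in the same session, which is worth confirming and then either resetting or documenting. The msgConfirm call continues past the end of the hunk, and the identical hunk in usr.sbin/sysinstall/config.c has the same issue.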
diff --git a/usr.sbin/sade/menus.c b/usr.sbin/sade/menus.c
index aa8e8d1..c4d1e90 100644
--- a/usr.sbin/sade/menus.c
+++ b/usr.sbin/sade/menus.c
@@ -1607,7 +1607,8 @@ DMenu MenuSecurityProfile = {
{ { "X Exit", "Exit this menu (returning to previous)", NULL, configSecurityModerate },
{ "Low", "Fairly wide-open (little) security.", NULL, configSecurityLiberal },
{ "Medium", "Moderate security settings [DEFAULT].", NULL, configSecurityModerate },
- { "High", "Very restrictive security settings.", NULL, configSecurityFascist },
+ { "High", "Fairly safe security settings.", NULL, configSecurityHigh },
+ { "Extreme", "Very restrictive security settings.", NULL, configSecurityFascist },
{ NULL } },
};
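Review bot: The "High" entry is rebound from configSecurityFascist to configSecurityHigh, so anyone following existing instructions to pick "High" now gets a profile that leaves sendmail and sshd enabled instead of everything off, and the new description "Fairly safe security settings." does not say so. A description that states the difference would help, for example `{ "High", "Most services off; sendmail and sshd stay on.", NULL, configSecurityHigh },`. The same applies to the matching hunk in usr.sbin/sysinstall/menus.c.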
diff --git a/usr.sbin/sade/sade.h b/usr.sbin/sade/sade.h
index ba9f7b9..048a5e7 100644
--- a/usr.sbin/sade/sade.h
+++ b/usr.sbin/sade/sade.h
@@ -446,6 +446,7 @@ extern int configNFSServer(dialogMenuItem *self);
extern int configWriteRC_conf(dialogMenuItem *self);
extern int configSecurityProfile(dialogMenuItem *self);
extern int configSecurityFascist(dialogMenuItem *self);
+extern int configSecurityHigh(dialogMenuItem *self);
extern int configSecurityModerate(dialogMenuItem *self);
extern int configSecurityLiberal(dialogMenuItem *self);
diff --git a/usr.sbin/sysinstall/config.c b/usr.sbin/sysinstall/config.c
index 7fd7a64..5c2e24a 100644
--- a/usr.sbin/sysinstall/config.c
+++ b/usr.sbin/sysinstall/config.c
@@ -493,6 +493,31 @@ configSecurityFascist(dialogMenuItem *self)
/* More fascist stuff should go here */
if (self)
+ msgConfirm("Extreme security settings have been selected.\n\n"
+ "This means that all \"popular\" network services and\n"
+ "mechanisms like inetd(8) have been DISABLED by default.\n\n"
+ "PLEASE NOTE that this still does not save you from having\n"
+ "to properly secure your system in other ways or exercise\n"
+ "due diligence in your administration, this simply picks\n"
+ "a more secure set of out-of-box defaults to start with.\n\n"
+ "To change any of these settings later, edit /etc/rc.conf");
+
+ restorescr(w);
+ return DITEM_SUCCESS;
+}
+
+int
+configSecurityHigh(dialogMenuItem *self)
+{
+ WINDOW *w = savescr();
+
+ variable_set2("inetd_enable", "NO", 1);
+ variable_set2("sendmail_enable", "YES", 1);
+ variable_set2("sshd_enable", "YES", 1);
+ variable_set2("portmap_enable", "NO", 1);
+ variable_set2("nfs_server_enable", "NO", 1);
+
+ if (self)
msgConfirm("High security settings have been selected.\n\n"
"This means that most \"popular\" network services and\n"
"mechanisms like inetd(8) have been DISABLED by default.\n\n"
diff --git a/usr.sbin/sysinstall/menus.c b/usr.sbin/sysinstall/menus.c
index aa8e8d1..c4d1e90 100644
--- a/usr.sbin/sysinstall/menus.c
+++ b/usr.sbin/sysinstall/menus.c
@@ -1607,7 +1607,8 @@ DMenu MenuSecurityProfile = {
{ { "X Exit", "Exit this menu (returning to previous)", NULL, configSecurityModerate },
{ "Low", "Fairly wide-open (little) security.", NULL, configSecurityLiberal },
{ "Medium", "Moderate security settings [DEFAULT].", NULL, configSecurityModerate },
- { "High", "Very restrictive security settings.", NULL, configSecurityFascist },
+ { "High", "Fairly safe security settings.", NULL, configSecurityHigh },
+ { "Extreme", "Very restrictive security settings.", NULL, configSecurityFascist },
{ NULL } },
};
diff --git a/usr.sbin/sysinstall/sysinstall.h b/usr.sbin/sysinstall/sysinstall.h
index ba9f7b9..048a5e7 100644
--- a/usr.sbin/sysinstall/sysinstall.h
+++ b/usr.sbin/sysinstall/sysinstall.h
@@ -446,6 +446,7 @@ extern int configNFSServer(dialogMenuItem *self);
extern int configWriteRC_conf(dialogMenuItem *self);
extern int configSecurityProfile(dialogMenuItem *self);
extern int configSecurityFascist(dialogMenuItem *self);
+extern int configSecurityHigh(dialogMenuItem *self);
extern int configSecurityModerate(dialogMenuItem *self);
extern int configSecurityLiberal(dialogMenuItem *self);