author | jkh <jkh@FreeBSD.org> | 2000-10-14 21:02:31 +0000 |
---|---|---|
committer | jkh <jkh@FreeBSD.org> | 2000-10-14 21:02:31 +0000 |
commit | 33cf0a74b86756a086c4142d172544683cdfe9d3 (patch) | |
tree | af2fe11d82a6e892316669c2960332ac77f69737 /usr.sbin | |
parent | 08327bbc406a9acb2b8422aef17971ed8ec83740 (diff) | |
Add another security configuration profile, call it "high" and
rename the previous one to indicate that it's not just high, it's
extreme (everything off, secure level raised).
Submitted mostly by: Tony Finch <dot@dotat.at>
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/sade/config.c | 25 | ||||
-rw-r--r-- | usr.sbin/sade/menus.c | 3 | ||||
-rw-r--r-- | usr.sbin/sade/sade.h | 1 | ||||
-rw-r--r-- | usr.sbin/sysinstall/config.c | 25 | ||||
-rw-r--r-- | usr.sbin/sysinstall/menus.c | 3 | ||||
-rw-r--r-- | usr.sbin/sysinstall/sysinstall.h | 1 |
6 files changed, 56 insertions, 2 deletions
diff --git a/usr.sbin/sade/config.c b/usr.sbin/sade/config.c
index 7fd7a64..5c2e24a 100644
--- a/usr.sbin/sade/config.c
+++ b/usr.sbin/sade/config.c
@@ -493,6 +493,31 @@ configSecurityFascist(dialogMenuItem *self)
 /* More fascist stuff should go here */
 if (self)
+ msgConfirm("Extreme security settings have been selected.\n\n"
+ "This means that all \"popular\" network services and\n"
+ "mechanisms like inetd(8) have been DISABLED by default.\n\n"
+ "PLEASE NOTE that this still does not save you from having\n"
+ "to properly secure your system in other ways or exercise\n"
+ "due diligence in your administration, this simply picks\n"
+ "a more secure set of out-of-box defaults to start with.\n\n"
+ "To change any of these settings later, edit /etc/rc.conf");
+
+ restorescr(w);
+ return DITEM_SUCCESS;
+}
+
+int
+configSecurityHigh(dialogMenuItem *self)
+{
+ WINDOW *w = savescr();
+
+ variable_set2("inetd_enable", "NO", 1);
+ variable_set2("sendmail_enable", "YES", 1);
+ variable_set2("sshd_enable", "YES", 1);
+ variable_set2("portmap_enable", "NO", 1);
+ variable_set2("nfs_server_enable", "NO", 1);
+
+ if (self)
 msgConfirm("High security settings have been selected.\n\n"
 "This means that most \"popular\" network services and\n"
 "mechanisms like inetd(8) have been DISABLED by default.\n\n"
diff --git a/usr.sbin/sade/menus.c b/usr.sbin/sade/menus.c
index aa8e8d1..c4d1e90 100644
--- a/usr.sbin/sade/menus.c
+++ b/usr.sbin/sade/menus.c
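Review bot: The confirmation text shown by the new `configSecurityHigh` says network services have been DISABLED, but the function sets `sendmail_enable` and `sshd_enable` to `"YES"`, so a user who picks High is left with two network-facing daemons that the dialog never mentions. I would add a line to the message such as `"sendmail(8) and sshd(8) are left ENABLED.\n\n"` and a comment above the function, `/* High: inetd, portmap and NFS server off; sendmail and sshd stay on. */`. The function also sets only these five variables, so anything a previously selected profile changed elsewhere is presumably left as it was; a sentence in that comment saying so would help. The `msgConfirm` call continues past the end of the hunk, so the rest of its wording is not visible here. The same applies to the identical hunk in usr.sbin/sysinstall/config.c.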
@@ -1607,7 +1607,8 @@ DMenu MenuSecurityProfile = {
 { { "X Exit", "Exit this menu (returning to previous)", NULL, configSecurityModerate },
 { "Low", "Fairly wide-open (little) security.", NULL, configSecurityLiberal },
 { "Medium", "Moderate security settings [DEFAULT].", NULL, configSecurityModerate },
- { "High", "Very restrictive security settings.", NULL, configSecurityFascist },
+ { "High", "Fairly safe security settings.", NULL, configSecurityHigh },
+ { "Extreme", "Very restrictive security settings.", NULL, configSecurityFascist },
 { NULL } },
 };
diff --git a/usr.sbin/sade/sade.h b/usr.sbin/sade/sade.h
index ba9f7b9..048a5e7 100644
--- a/usr.sbin/sade/sade.h
+++ b/usr.sbin/sade/sade.h
@@ -446,6 +446,7 @@ extern int configNFSServer(dialogMenuItem *self);
 extern int configWriteRC_conf(dialogMenuItem *self);
 extern int configSecurityProfile(dialogMenuItem *self);
 extern int configSecurityFascist(dialogMenuItem *self);
+extern int configSecurityHigh(dialogMenuItem *self);
 extern int configSecurityModerate(dialogMenuItem *self);
 extern int configSecurityLiberal(dialogMenuItem *self);
diff --git a/usr.sbin/sysinstall/config.c b/usr.sbin/sysinstall/config.c
index 7fd7a64..5c2e24a 100644
--- a/usr.sbin/sysinstall/config.c
+++ b/usr.sbin/sysinstall/config.c
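Review bot: The `"High"` menu entry now calls `configSecurityHigh` instead of `configSecurityFascist`, so the same label selects a weaker profile than it did before this commit, and the description `"Fairly safe security settings."` gives no hint of which services stay on. Consider making the description concrete, for example `{ "High", "Most services off; sendmail and sshd on.", NULL, configSecurityHigh },`, so that someone who relied on the old meaning of High notices the difference. The `"X Exit"` context line points at `configSecurityModerate`, which suggests that leaving the menu applies the Medium profile; that is outside this change but worth confirming. The same hunk appears in usr.sbin/sysinstall/menus.c.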
@@ -493,6 +493,31 @@ configSecurityFascist(dialogMenuItem *self)
 /* More fascist stuff should go here */
 if (self)
+ msgConfirm("Extreme security settings have been selected.\n\n"
+ "This means that all \"popular\" network services and\n"
+ "mechanisms like inetd(8) have been DISABLED by default.\n\n"
+ "PLEASE NOTE that this still does not save you from having\n"
+ "to properly secure your system in other ways or exercise\n"
+ "due diligence in your administration, this simply picks\n"
+ "a more secure set of out-of-box defaults to start with.\n\n"
+ "To change any of these settings later, edit /etc/rc.conf");
+
+ restorescr(w);
+ return DITEM_SUCCESS;
+}
+
+int
+configSecurityHigh(dialogMenuItem *self)
+{
+ WINDOW *w = savescr();
+
+ variable_set2("inetd_enable", "NO", 1);
+ variable_set2("sendmail_enable", "YES", 1);
+ variable_set2("sshd_enable", "YES", 1);
+ variable_set2("portmap_enable", "NO", 1);
+ variable_set2("nfs_server_enable", "NO", 1);
+
+ if (self)
 msgConfirm("High security settings have been selected.\n\n"
 "This means that most \"popular\" network services and\n"
 "mechanisms like inetd(8) have been DISABLED by default.\n\n"
diff --git a/usr.sbin/sysinstall/menus.c b/usr.sbin/sysinstall/menus.c
index aa8e8d1..c4d1e90 100644
--- a/usr.sbin/sysinstall/menus.c
+++ b/usr.sbin/sysinstall/menus.c
@@ -1607,7 +1607,8 @@ DMenu MenuSecurityProfile = {
 { { "X Exit", "Exit this menu (returning to previous)", NULL, configSecurityModerate },
 { "Low", "Fairly wide-open (little) security.", NULL, configSecurityLiberal },
 { "Medium", "Moderate security settings [DEFAULT].", NULL, configSecurityModerate },
- { "High", "Very restrictive security settings.", NULL, configSecurityFascist },
+ { "High", "Fairly safe security settings.", NULL, configSecurityHigh },
+ { "Extreme", "Very restrictive security settings.", NULL, configSecurityFascist },
 { NULL } },
 };
diff --git a/usr.sbin/sysinstall/sysinstall.h b/usr.sbin/sysinstall/sysinstall.h
index ba9f7b9..048a5e7 100644
--- a/usr.sbin/sysinstall/sysinstall.h
+++ b/usr.sbin/sysinstall/sysinstall.h
@@ -446,6 +446,7 @@ extern int configNFSServer(dialogMenuItem *self);
 extern int configWriteRC_conf(dialogMenuItem *self);
 extern int configSecurityProfile(dialogMenuItem *self);
 extern int configSecurityFascist(dialogMenuItem *self);
+extern int configSecurityHigh(dialogMenuItem *self);
 extern int configSecurityModerate(dialogMenuItem *self);
 extern int configSecurityLiberal(dialogMenuItem *self); |