summaryrefslogtreecommitdiffstats
path: root/usr.sbin
diff options
context:
space:
mode:
authorrwatson <rwatson@FreeBSD.org>2001-12-21 19:51:44 +0000
committerrwatson <rwatson@FreeBSD.org>2001-12-21 19:51:44 +0000
commit6b6187c5ffb4f5c24ac294342ae4a149673ca0b2 (patch)
treec01661fb052794de2c587c28600965c0782e5727 /usr.sbin
parent748fd602244c4f8e5a41d22992ce946e0de1ab0c (diff)
downloadFreeBSD-src-6b6187c5ffb4f5c24ac294342ae4a149673ca0b2.zip
FreeBSD-src-6b6187c5ffb4f5c24ac294342ae4a149673ca0b2.tar.gz
o Expand the text describing the Security options menu.
o Move nfs_reserved_port_only out of security profiles (where it was set somewhat improperly) to the Security options menu directly. Previously, the variable was set to true for Moderate, but not for Extreme, which is at best inconsistent. o Update the Security Profiles help file to remove reference to the NFS reserved port. o Note that the kernel currently defaults the sysctl to '0', but sysinstall has changed it to '1' as a default as of late; however, rc.conf sets the value to NO as the default. This change brings them relatively into sync. Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/sade/config.c1
-rw-r--r--usr.sbin/sade/menus.c7
-rw-r--r--usr.sbin/sysinstall/config.c1
-rw-r--r--usr.sbin/sysinstall/help/security.hlp6
-rw-r--r--usr.sbin/sysinstall/menus.c7
5 files changed, 12 insertions, 10 deletions
diff --git a/usr.sbin/sade/config.c b/usr.sbin/sade/config.c
index cf68adb..fcf0d03 100644
--- a/usr.sbin/sade/config.c
+++ b/usr.sbin/sade/config.c
@@ -532,7 +532,6 @@ configSecurityModerate(dialogMenuItem *self)
{
WINDOW *w = savescr();
- variable_set2("nfs_reserved_port_only", "YES", 1);
variable_set2("sendmail_enable", "YES", 1);
variable_set2("sshd_enable", "YES", 1);
variable_set2("kern_securelevel_enable", "NO", 1);
diff --git a/usr.sbin/sade/menus.c b/usr.sbin/sade/menus.c
index 3e18789..bfbb317 100644
--- a/usr.sbin/sade/menus.c
+++ b/usr.sbin/sade/menus.c
@@ -2083,7 +2083,10 @@ DMenu MenuSecurity = {
DMENU_CHECKLIST_TYPE | DMENU_SELECTION_RETURNS,
"System Security Options Menu",
"This menu allows you to configure aspects of the operating systme\n"
- "policy.\n",
+ "policy. If configured improperly, these settings may result in\n"
+ "substantially impaired system operation. Please read the system\n"
+ "documentation carefully before modifying these settings. Many\n"
+ "settings will take affect only following a system reboot.",
"Configure system security options",
NULL,
{ { "X Exit", "Exit this menu (returning to previous)",
@@ -2092,6 +2095,8 @@ DMenu MenuSecurity = {
NULL, configSecurityProfile },
{ " LOMAC", "Use Low Watermark Mandatory Access Control at boot",
dmenuVarCheck, dmenuToggleVariable, NULL, "lomac_enable=YES" },
+ { " NFS port", "Require that the NFS clients used reserved ports",
+ dmenuVarCheck, dmenuToggleVariable, NULL, "nfs_reserved_port_only=YES" },
{ NULL } },
};
diff --git a/usr.sbin/sysinstall/config.c b/usr.sbin/sysinstall/config.c
index cf68adb..fcf0d03 100644
--- a/usr.sbin/sysinstall/config.c
+++ b/usr.sbin/sysinstall/config.c
@@ -532,7 +532,6 @@ configSecurityModerate(dialogMenuItem *self)
{
WINDOW *w = savescr();
- variable_set2("nfs_reserved_port_only", "YES", 1);
variable_set2("sendmail_enable", "YES", 1);
variable_set2("sshd_enable", "YES", 1);
variable_set2("kern_securelevel_enable", "NO", 1);
diff --git a/usr.sbin/sysinstall/help/security.hlp b/usr.sbin/sysinstall/help/security.hlp
index ee172ff..33e52e2 100644
--- a/usr.sbin/sysinstall/help/security.hlp
+++ b/usr.sbin/sysinstall/help/security.hlp
@@ -5,12 +5,6 @@ profiles:
Extreme Medium
------- ------
-nfs_server NO *
sendmail NO YES
sshd NO YES
securelevel YES (2) NO
-
-
-NOTES:
-* If the machine has been configured as an NFS server, NFS will only run
- on a reserved port.
diff --git a/usr.sbin/sysinstall/menus.c b/usr.sbin/sysinstall/menus.c
index 3e18789..bfbb317 100644
--- a/usr.sbin/sysinstall/menus.c
+++ b/usr.sbin/sysinstall/menus.c
@@ -2083,7 +2083,10 @@ DMenu MenuSecurity = {
DMENU_CHECKLIST_TYPE | DMENU_SELECTION_RETURNS,
"System Security Options Menu",
"This menu allows you to configure aspects of the operating systme\n"
- "policy.\n",
+ "policy. If configured improperly, these settings may result in\n"
+ "substantially impaired system operation. Please read the system\n"
+ "documentation carefully before modifying these settings. Many\n"
+ "settings will take affect only following a system reboot.",
"Configure system security options",
NULL,
{ { "X Exit", "Exit this menu (returning to previous)",
@@ -2092,6 +2095,8 @@ DMenu MenuSecurity = {
NULL, configSecurityProfile },
{ " LOMAC", "Use Low Watermark Mandatory Access Control at boot",
dmenuVarCheck, dmenuToggleVariable, NULL, "lomac_enable=YES" },
+ { " NFS port", "Require that the NFS clients used reserved ports",
+ dmenuVarCheck, dmenuToggleVariable, NULL, "nfs_reserved_port_only=YES" },
{ NULL } },
};
OpenPOWER on IntegriCloud