diff options
| author | Renato Botelho <renato@netgate.com> | 2016-08-30 09:16:26 -0300 |
|---|---|---|
| committer | Renato Botelho <renato@netgate.com> | 2016-08-30 09:16:26 -0300 |
| commit | e2fb654fb7e1727e7fc2778c4c2fbd8b4733fe37 (patch) | |
| tree | 95094d421c5ebf0b854e407b2c8cf95cd477cfe6 /usr.sbin | |
| parent | 5f4dbd408a354e294fdffc23ee889af03b7cfc28 (diff) | |
| parent | 291ace88ce68593a48f5106c882907a01e40b0ec (diff) | |
| download | FreeBSD-src-e2fb654fb7e1727e7fc2778c4c2fbd8b4733fe37.zip FreeBSD-src-e2fb654fb7e1727e7fc2778c4c2fbd8b4733fe37.tar.gz | |
Merge remote-tracking branch 'origin/stable/11' into devel-11
Diffstat (limited to 'usr.sbin')
| -rwxr-xr-x | usr.sbin/bsdinstall/scripts/hardening | 5 | ||||
| -rw-r--r-- | usr.sbin/ntp/doc/sntp.8 | 2 |
2 files changed, 4 insertions, 3 deletions
diff --git a/usr.sbin/bsdinstall/scripts/hardening b/usr.sbin/bsdinstall/scripts/hardening index 197ba1e..130a9f7 100755 --- a/usr.sbin/bsdinstall/scripts/hardening +++ b/usr.sbin/bsdinstall/scripts/hardening @@ -29,6 +29,7 @@ : ${DIALOG_OK=0} echo -n > $BSDINSTALL_TMPETC/rc.conf.hardening +echo -n > $BSDINSTALL_TMPETC/sysctl.conf.hardening exec 3>&1 FEATURES=$( dialog --backtitle "FreeBSD Installer" \ @@ -39,7 +40,7 @@ FEATURES=$( dialog --backtitle "FreeBSD Installer" \ "hide_gids" "Hide processes running as other groups" ${hide_gids:-off} \ "read_msgbuf" "Disable reading kernel message buffer for unprivileged users" ${read_msgbuf:-off} \ "proc_debug" "Disable process debugging facilities for unprivileged users" ${proc_debug:-off} \ - "random_pid" "Randomize the PID of newly created processes" ${random_id:-off} \ + "random_pid" "Randomize the PID of newly created processes" ${random_pid:-off} \ "stack_guard" "Insert stack guard page ahead of the growable segments" ${stack_guard:-off} \ "clear_tmp" "Clean the /tmp filesystem on system startup" ${clear_tmp:-off} \ "disable_syslogd" "Disable opening Syslogd network socket (disables remote logging)" ${disable_syslogd:-off} \ @@ -60,7 +61,7 @@ for feature in $FEATURES; do if [ "$feature" = "proc_debug" ]; then echo security.bsd.unprivileged_proc_debug=0 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening fi - if [ "$feature" = "random_id" ]; then + if [ "$feature" = "random_pid" ]; then echo kern.randompid=$(jot -r 1 9999) >> $BSDINSTALL_TMPETC/sysctl.conf.hardening fi if [ "$feature" = "stack_guard" ]; then diff --git a/usr.sbin/ntp/doc/sntp.8 b/usr.sbin/ntp/doc/sntp.8 index c0ab263..656f743 100644 --- a/usr.sbin/ntp/doc/sntp.8 +++ b/usr.sbin/ntp/doc/sntp.8 @@ -213,7 +213,7 @@ of seconds specified before giving up. The default should be more than enough for a unicast response. If \fBsntp\fP is only waiting for a broadcast response a longer timeout is likely needed. -.It Fl \-wait , " Fl \-no\-wait" +.It Fl \-wait , Fl \-no\-wait Wait for pending replies (if not setting the time). The \fIno\-wait\fP form will disable the option. This option is enabled by default. |
