-rw-r--r-- | usr.sbin/sade/config.c | 46 | ||||
-rw-r--r-- | usr.sbin/sade/menus.c | 24 | ||||
-rw-r--r-- | usr.sbin/sade/sade.h | 7 | ||||
-rw-r--r-- | usr.sbin/sysinstall/config.c | 46 | ||||
-rw-r--r-- | usr.sbin/sysinstall/help/securelevel.hlp | 36 | ||||
-rw-r--r-- | usr.sbin/sysinstall/menus.c | 24 | ||||
-rw-r--r-- | usr.sbin/sysinstall/sysinstall.h | 7 |
7 files changed, 190 insertions, 0 deletions
diff --git a/usr.sbin/sade/config.c b/usr.sbin/sade/config.c
index 570cb61..27937e1 100644
--- a/usr.sbin/sade/config.c
+++ b/usr.sbin/sade/config.c
@@ -537,6 +537,52 @@ configOSF1(dialogMenuItem *self)
 #endif
 
 int
+configSecurelevel(dialogMenuItem *self)
+{
+ WINDOW *w = savescr();
+
+ dialog_clear_norefresh();
+ dmenuOpenSimple(&MenuSecurelevel, FALSE);
+ restorescr(w);
+ return DITEM_SUCCESS;
+}
+
+int
+configSecurelevelDisabled(dialogMenuItem *self)
+{
+
+ variable_set2("kern_securelevel_enable", "NO", 1);
+ return DITEM_SUCCESS;
+}
+
+int
+configSecurelevelSecure(dialogMenuItem *self)
+{
+
+ variable_set2("kern_securelevel_enable", "YES", 1);
+ variable_set2("kern_securelevel", "1", 1);
+ return DITEM_SUCCESS;
+}
+
+int
+configSecurelevelHighlySecure(dialogMenuItem *self)
+{
+
+ variable_set2("kern_securelevel_enable", "YES", 1);
+ variable_set2("kern_securelevel", "2", 1);
+ return DITEM_SUCCESS;
+}
+
+int
+configSecurelevelNetworkSecure(dialogMenuItem *self)
+{
+
+ variable_set2("kern_securelevel_enable", "YES", 1);
+ variable_set2("kern_securelevel", "3", 1);
+ return DITEM_SUCCESS;
+}
+
+int
 configSecurity(dialogMenuItem *self)
 {
 WINDOW *w = savescr();
diff --git a/usr.sbin/sade/menus.c b/usr.sbin/sade/menus.c
index ef4608c..46b7270 100644
--- a/usr.sbin/sade/menus.c
+++ b/usr.sbin/sade/menus.c
@@ -2229,6 +2229,8 @@ DMenu MenuSecurity = {
 NULL,
 { { "X Exit", "Exit this menu (returning to previous)",
 checkTrue, dmenuExit, NULL, NULL, '<', '<', '<' },
+ { " Securelevel", "Configure securelevels for the system",
+ NULL, configSecurelevel },
 #if 0
 { " LOMAC", "Use Low Watermark Mandatory Access Control at boot",
 dmenuVarCheck, dmenuToggleVariable, NULL, "lomac_enable=YES" },
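Review bot: The four setters (`configSecurelevelDisabled`, `configSecurelevelSecure` and the two after it) spell the knob names as string literals, although this commit adds `VAR_KERN_SECURELEVEL` to sade.h and `kern_securelevel_enable` has no macro at all. A typo in any of these literals would still compile and would presumably write an unknown variable, leaving the machine at its default securelevel while the menu returns `DITEM_SUCCESS`; I would write `variable_set2(VAR_KERN_SECURELEVEL, "1", 1);` and add `#define VAR_KERN_SECURELEVEL_ENABLE "kern_securelevel_enable"` beside the existing define. `configSecurelevelDisabled` also leaves any earlier `kern_securelevel` value in place, which looks harmless only if the rc scripts read it solely when the enable knob is YES, so a one-line comment stating that assumption would help. The same applies to the identical hunk in usr.sbin/sysinstall/config.c; the new functions are complete within the hunk, only `configSecurity` continues past it.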
@@ -2238,6 +2240,28 @@ DMenu MenuSecurity = {
 { NULL } },
 };
 
+DMenu MenuSecurelevel = {
+ DMENU_NORMAL_TYPE | DMENU_SELECTION_RETURNS,
+ "Securelevel Configuration Menu",
+ "This menu allows you to select the securelevel your system runs with.\n"
+ "When operating at a securelevel, certain root privileges are disabled,\n"
+ "which may increase resistance to exploits and protect system integrity.\n"
+ "In secure mode system flags may not be overriden by the root user,\n"
+ "access to direct kernel memory is limited, and kernel modules may not\n"
+ "be changed. In highly secure mode, mounted file systems may not be\n"
+ "modified on-disk, tampering with the system clock is prohibited. In\n"
+ "network secure mode configuration changes to firwalling are prohibited.\n",
+ "Select a securelevel to operate at - F1 for help",
+ "securelevel",
+ { { "X Exit", "Exit this menu (returning to previous)",
+ checkTrue, dmenuExit, NULL, NULL, '<', '<', '<' },
+ { "Disabled", "Disable securelevels", NULL, configSecurelevelDisabled, },
+ { "Secure", "Secure mode", NULL, configSecurelevelSecure },
+ { "Highly Secure", "Highly secure mode", NULL, configSecurelevelHighlySecure },
+ { "Network Secure", "Network secure mode", NULL, configSecurelevelNetworkSecure },
+ { NULL } }
+};
+
 DMenu MenuFixit = {
 DMENU_NORMAL_TYPE,
 "Please choose a fixit option",
diff --git a/usr.sbin/sade/sade.h b/usr.sbin/sade/sade.h
index 9ba8336..507bfca 100644
--- a/usr.sbin/sade/sade.h
+++ b/usr.sbin/sade/sade.h
@@ -143,6 +143,7 @@
 #define VAR_IPADDR "ipaddr"
 #define VAR_IPV6_ENABLE "ipv6_enable"
 #define VAR_IPV6ADDR "ipv6addr"
+#define VAR_KERN_SECURELEVEL "kern_securelevel"
 #define VAR_KEYMAP "keymap"
 #define VAR_LABEL "label"
 #define VAR_LABEL_COUNT "labelCount"
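Review bot: The prompt text of `MenuSecurelevel` describes the levels more loosely than the securelevel.hlp added by this same commit: it says that in highly secure mode "mounted file systems may not be modified on-disk", while the help file places write protection for disks of mounted file systems at level 1 and extends it at level 2 to all disks, mounted or not. An administrator reading only this screen gets the wrong picture of what levels 1 and 2 block, so I would reword the two lines to something like `"be changed. In highly secure mode, no disk may be opened for writing,\n"` and `"mounted or not, and clock changes are limited to one second. In\n"`. The same string misspells `overriden` (overridden) and `firwalling` (firewalling). The help topic `"securelevel"` is added only under usr.sbin/sysinstall/help in this commit, so F1 in sade may find nothing unless sade shares that directory; the identical hunk in usr.sbin/sysinstall/menus.c needs the same wording fix.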
@@ -452,6 +453,7 @@ extern DMenu MenuMediaTape; /* Tape media menu */
 extern DMenu MenuNetworkDevice; /* Network device menu */
 extern DMenu MenuNTP; /* NTP time server menu */
 extern DMenu MenuSecurity; /* System security options menu */
+extern DMenu MenuSecurelevel; /* Securelevel menu */
 extern DMenu MenuStartup; /* Startup services menu */
 #ifdef WITH_SYSCONS
 extern DMenu MenuSyscons; /* System console configuration menu */
@@ -531,6 +533,11 @@ extern int configMTAPostfix(dialogMenuItem *self);
 extern int configMTAExim(dialogMenuItem *self);
 extern int configRpcBind(dialogMenuItem *self);
 extern int configWriteRC_conf(dialogMenuItem *self);
+extern int configSecurelevel(dialogMenuItem *self);
+extern int configSecurelevelDisabled(dialogMenuItem *self);
+extern int configSecurelevelSecure(dialogMenuItem *self);
+extern int configSecurelevelHighlySecure(dialogMenuItem *self);
+extern int configSecurelevelNetworkSecure(dialogMenuItem *self);
 extern int configEtcTtys(dialogMenuItem *self);
 #ifdef __i386__
 extern int checkLoaderACPI(void);
diff --git a/usr.sbin/sysinstall/config.c b/usr.sbin/sysinstall/config.c
index 570cb61..27937e1 100644
--- a/usr.sbin/sysinstall/config.c
+++ b/usr.sbin/sysinstall/config.c
@@ -537,6 +537,52 @@ configOSF1(dialogMenuItem *self)
 #endif
 
 int
+configSecurelevel(dialogMenuItem *self)
+{
+ WINDOW *w = savescr();
+
+ dialog_clear_norefresh();
+ dmenuOpenSimple(&MenuSecurelevel, FALSE);
+ restorescr(w);
+ return DITEM_SUCCESS;
+}
+
+int
+configSecurelevelDisabled(dialogMenuItem *self)
+{
+
+ variable_set2("kern_securelevel_enable", "NO", 1);
+ return DITEM_SUCCESS;
+}
+
+int
+configSecurelevelSecure(dialogMenuItem *self)
+{
+
+ variable_set2("kern_securelevel_enable", "YES", 1);
+ variable_set2("kern_securelevel", "1", 1);
+ return DITEM_SUCCESS;
+}
+
+int
+configSecurelevelHighlySecure(dialogMenuItem *self)
+{
+
+ variable_set2("kern_securelevel_enable", "YES", 1);
+ variable_set2("kern_securelevel", "2", 1);
+ return DITEM_SUCCESS;
+}
+
+int
+configSecurelevelNetworkSecure(dialogMenuItem *self)
+{
+
+ variable_set2("kern_securelevel_enable", "YES", 1);
+ variable_set2("kern_securelevel", "3", 1);
+ return DITEM_SUCCESS;
+}
+
+int
 configSecurity(dialogMenuItem *self)
 {
 WINDOW *w = savescr();
diff --git a/usr.sbin/sysinstall/help/securelevel.hlp b/usr.sbin/sysinstall/help/securelevel.hlp
new file mode 100644
index 0000000..44fa39b
--- /dev/null
+++ b/usr.sbin/sysinstall/help/securelevel.hlp
@@ -0,0 +1,36 @@
+This menu allows you to configure the Securelevel mechanism in FreeBSD.
+
+Securelevels may be used to limit the privileges assigned to the
+root user in multi-user mode, which in turn may limit the effects of
+a root compromise, at the cost of reducing administrative functions.
+Refer to the init(8) manual page for complete details.
+
+ -1 Permanently insecure mode - always run the system in level 0 mode.
+ This is the default initial value.
+
+ 0 Insecure mode - immutable and append-only flags may be turned off.
+ All devices may be read or written subject to their permissions.
+
+ 1 Secure mode - the system immutable and system append-only flags may
+ not be turned off; disks for mounted file systems, /dev/mem, and
+ /dev/kmem may not be opened for writing; kernel modules (see
+ kld(4)) may not be loaded or unloaded.
+
+ 2 Highly secure mode - same as secure mode, plus disks may not be
+ opened for writing (except by mount(2)) whether mounted or not.
+ This level precludes tampering with file systems by unmounting
+ them, but also inhibits running newfs(8) while the system is multi-
+ user.
+
+ In addition, kernel time changes are restricted to less than or
+ equal to one second. Attempts to change the time by more than this
+ will log the message ``Time adjustment clamped to +1 second''.
+
+ 3 Network secure mode - same as highly secure mode, plus IP packet
+ filter rules (see ipfw(8) and ipfirewall(4)) cannot be changed and
+ dummynet(4) configuration cannot be adjusted.
+
+Securelevels must be used in combination with careful system design and
+application of protective mechanisms to prevent system configuration
+files from being modified in a way that compromises the protections of
+the securelevel variable upon reboot.
diff --git a/usr.sbin/sysinstall/menus.c b/usr.sbin/sysinstall/menus.c
index ef4608c..46b7270 100644
--- a/usr.sbin/sysinstall/menus.c
+++ b/usr.sbin/sysinstall/menus.c
@@ -2229,6 +2229,8 @@ DMenu MenuSecurity = {
 NULL,
 { { "X Exit", "Exit this menu (returning to previous)",
 checkTrue, dmenuExit, NULL, NULL, '<', '<', '<' },
+ { " Securelevel", "Configure securelevels for the system",
+ NULL, configSecurelevel },
 #if 0
 { " LOMAC", "Use Low Watermark Mandatory Access Control at boot",
 dmenuVarCheck, dmenuToggleVariable, NULL, "lomac_enable=YES" },
@@ -2238,6 +2240,28 @@ DMenu MenuSecurity = {
 { NULL } },
 };
 
+DMenu MenuSecurelevel = {
+ DMENU_NORMAL_TYPE | DMENU_SELECTION_RETURNS,
+ "Securelevel Configuration Menu",
+ "This menu allows you to select the securelevel your system runs with.\n"
+ "When operating at a securelevel, certain root privileges are disabled,\n"
+ "which may increase resistance to exploits and protect system integrity.\n"
+ "In secure mode system flags may not be overriden by the root user,\n"
+ "access to direct kernel memory is limited, and kernel modules may not\n"
+ "be changed. In highly secure mode, mounted file systems may not be\n"
+ "modified on-disk, tampering with the system clock is prohibited. In\n"
+ "network secure mode configuration changes to firwalling are prohibited.\n",
+ "Select a securelevel to operate at - F1 for help",
+ "securelevel",
+ { { "X Exit", "Exit this menu (returning to previous)",
+ checkTrue, dmenuExit, NULL, NULL, '<', '<', '<' },
+ { "Disabled", "Disable securelevels", NULL, configSecurelevelDisabled, },
+ { "Secure", "Secure mode", NULL, configSecurelevelSecure },
+ { "Highly Secure", "Highly secure mode", NULL, configSecurelevelHighlySecure },
+ { "Network Secure", "Network secure mode", NULL, configSecurelevelNetworkSecure },
+ { NULL } }
+};
+
 DMenu MenuFixit = {
 DMENU_NORMAL_TYPE,
 "Please choose a fixit option",
diff --git a/usr.sbin/sysinstall/sysinstall.h b/usr.sbin/sysinstall/sysinstall.h
index 9ba8336..507bfca 100644
--- a/usr.sbin/sysinstall/sysinstall.h
+++ b/usr.sbin/sysinstall/sysinstall.h
@@ -143,6 +143,7 @@
 #define VAR_IPADDR "ipaddr"
 #define VAR_IPV6_ENABLE "ipv6_enable"
 #define VAR_IPV6ADDR "ipv6addr"
+#define VAR_KERN_SECURELEVEL "kern_securelevel"
 #define VAR_KEYMAP "keymap"
 #define VAR_LABEL "label"
 #define VAR_LABEL_COUNT "labelCount"
@@ -452,6 +453,7 @@ extern DMenu MenuMediaTape; /* Tape media menu */
 extern DMenu MenuNetworkDevice; /* Network device menu */
 extern DMenu MenuNTP; /* NTP time server menu */
 extern DMenu MenuSecurity; /* System security options menu */
+extern DMenu MenuSecurelevel; /* Securelevel menu */
 extern DMenu MenuStartup; /* Startup services menu */
 #ifdef WITH_SYSCONS
 extern DMenu MenuSyscons; /* System console configuration menu */
@@ -531,6 +533,11 @@ extern int configMTAPostfix(dialogMenuItem *self);
 extern int configMTAExim(dialogMenuItem *self);
 extern int configRpcBind(dialogMenuItem *self);
 extern int configWriteRC_conf(dialogMenuItem *self);
+extern int configSecurelevel(dialogMenuItem *self);
+extern int configSecurelevelDisabled(dialogMenuItem *self);
+extern int configSecurelevelSecure(dialogMenuItem *self);
+extern int configSecurelevelHighlySecure(dialogMenuItem *self);
+extern int configSecurelevelNetworkSecure(dialogMenuItem *self);
 extern int configEtcTtys(dialogMenuItem *self);
 #ifdef __i386__
 extern int checkLoaderACPI(void); |