-rw-r--r--usr.sbin/sade/config.c46
-rw-r--r--usr.sbin/sade/menus.c24
-rw-r--r--usr.sbin/sade/sade.h7
-rw-r--r--usr.sbin/sysinstall/config.c46
-rw-r--r--usr.sbin/sysinstall/help/securelevel.hlp36
-rw-r--r--usr.sbin/sysinstall/menus.c24
-rw-r--r--usr.sbin/sysinstall/sysinstall.h7
7 files changed, 190 insertions, 0 deletions
diff --git a/usr.sbin/sade/config.c b/usr.sbin/sade/config.c
index 570cb61..27937e1 100644
--- a/usr.sbin/sade/config.c
+++ b/usr.sbin/sade/config.c
@@ -537,6 +537,52 @@ configOSF1(dialogMenuItem *self)
#endif
int
+configSecurelevel(dialogMenuItem *self)
+{
+ WINDOW *w = savescr();
+
+ dialog_clear_norefresh();
+ dmenuOpenSimple(&MenuSecurelevel, FALSE);
+ restorescr(w);
+ return DITEM_SUCCESS;
+}
+
+int
+configSecurelevelDisabled(dialogMenuItem *self)
+{
+
+ variable_set2("kern_securelevel_enable", "NO", 1);
+ return DITEM_SUCCESS;
+}
+
+int
+configSecurelevelSecure(dialogMenuItem *self)
+{
+
+ variable_set2("kern_securelevel_enable", "YES", 1);
+ variable_set2("kern_securelevel", "1", 1);
+ return DITEM_SUCCESS;
+}
+
+int
+configSecurelevelHighlySecure(dialogMenuItem *self)
+{
+
+ variable_set2("kern_securelevel_enable", "YES", 1);
+ variable_set2("kern_securelevel", "2", 1);
+ return DITEM_SUCCESS;
+}
+
+int
+configSecurelevelNetworkSecure(dialogMenuItem *self)
+{
+
+ variable_set2("kern_securelevel_enable", "YES", 1);
+ variable_set2("kern_securelevel", "3", 1);
+ return DITEM_SUCCESS;
+}
+
+int
configSecurity(dialogMenuItem *self)
{
WINDOW *w = savescr();
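Review bot: The four setter functions spell the rc.conf variable names as string literals (`"kern_securelevel"`, `"kern_securelevel_enable"`) even though this commit adds `VAR_KERN_SECURELEVEL` to sade.h, so the macro is unused in the visible hunks and the two spellings can drift apart. I would write `variable_set2(VAR_KERN_SECURELEVEL, "1", 1);` and add a matching `#define VAR_KERN_SECURELEVEL_ENABLE "kern_securelevel_enable"` next to it. `configSecurelevelDisabled` also leaves any previously chosen `kern_securelevel` value in place; that looks harmless while the enable knob is `NO`, but a one-line comment such as `/* kern_securelevel is left as-is; it is ignored while disabled */` would make the intent explicit. The same applies to the identical hunk in usr.sbin/sysinstall/config.c; configSecurity's body continues outside the hunk.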
diff --git a/usr.sbin/sade/menus.c b/usr.sbin/sade/menus.c
index ef4608c..46b7270 100644
--- a/usr.sbin/sade/menus.c
+++ b/usr.sbin/sade/menus.c
@@ -2229,6 +2229,8 @@ DMenu MenuSecurity = {
NULL,
{ { "X Exit", "Exit this menu (returning to previous)",
checkTrue, dmenuExit, NULL, NULL, '<', '<', '<' },
+ { " Securelevel", "Configure securelevels for the system",
+ NULL, configSecurelevel },
#if 0
{ " LOMAC", "Use Low Watermark Mandatory Access Control at boot",
dmenuVarCheck, dmenuToggleVariable, NULL, "lomac_enable=YES" },
@@ -2238,6 +2240,28 @@ DMenu MenuSecurity = {
{ NULL } },
};
+DMenu MenuSecurelevel = {
+ DMENU_NORMAL_TYPE | DMENU_SELECTION_RETURNS,
+ "Securelevel Configuration Menu",
+ "This menu allows you to select the securelevel your system runs with.\n"
+ "When operating at a securelevel, certain root privileges are disabled,\n"
+ "which may increase resistance to exploits and protect system integrity.\n"
+ "In secure mode system flags may not be overriden by the root user,\n"
+ "access to direct kernel memory is limited, and kernel modules may not\n"
+ "be changed. In highly secure mode, mounted file systems may not be\n"
+ "modified on-disk, tampering with the system clock is prohibited. In\n"
+ "network secure mode configuration changes to firwalling are prohibited.\n",
+ "Select a securelevel to operate at - F1 for help",
+ "securelevel",
+ { { "X Exit", "Exit this menu (returning to previous)",
+ checkTrue, dmenuExit, NULL, NULL, '<', '<', '<' },
+ { "Disabled", "Disable securelevels", NULL, configSecurelevelDisabled, },
+ { "Secure", "Secure mode", NULL, configSecurelevelSecure },
+ { "Highly Secure", "Highly secure mode", NULL, configSecurelevelHighlySecure },
+ { "Network Secure", "Network secure mode", NULL, configSecurelevelNetworkSecure },
+ { NULL } }
+};
+
DMenu MenuFixit = {
DMENU_NORMAL_TYPE,
"Please choose a fixit option",
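Review bot: The prompt text of `MenuSecurelevel` misspells two words in user-visible strings (`overriden`, `firwalling`) and understates level 1: securelevel.hlp in this same commit says disks of mounted file systems already cannot be opened for writing in secure mode, with highly secure mode extending that to disks whether mounted or not. I would correct the strings to `overridden` and `firewalling` and reword the level-2 sentence to match the help text, since an administrator choosing a level from this summary should not be misled about what each one restricts. The four level entries also pass `NULL` as the checked callback, so the menu gives no indication of which level is currently selected; something like `dmenuVarCheck` with `"kern_securelevel=1"` as the data field, as the LOMAC entry does with `"lomac_enable=YES"`, may work if that helper compares values. The same applies to the identical hunk in usr.sbin/sysinstall/menus.c; MenuFixit continues outside the hunk.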
diff --git a/usr.sbin/sade/sade.h b/usr.sbin/sade/sade.h
index 9ba8336..507bfca 100644
--- a/usr.sbin/sade/sade.h
+++ b/usr.sbin/sade/sade.h
@@ -143,6 +143,7 @@
#define VAR_IPADDR "ipaddr"
#define VAR_IPV6_ENABLE "ipv6_enable"
#define VAR_IPV6ADDR "ipv6addr"
+#define VAR_KERN_SECURELEVEL "kern_securelevel"
#define VAR_KEYMAP "keymap"
#define VAR_LABEL "label"
#define VAR_LABEL_COUNT "labelCount"
@@ -452,6 +453,7 @@ extern DMenu MenuMediaTape; /* Tape media menu */
extern DMenu MenuNetworkDevice; /* Network device menu */
extern DMenu MenuNTP; /* NTP time server menu */
extern DMenu MenuSecurity; /* System security options menu */
+extern DMenu MenuSecurelevel; /* Securelevel menu */
extern DMenu MenuStartup; /* Startup services menu */
#ifdef WITH_SYSCONS
extern DMenu MenuSyscons; /* System console configuration menu */
@@ -531,6 +533,11 @@ extern int configMTAPostfix(dialogMenuItem *self);
extern int configMTAExim(dialogMenuItem *self);
extern int configRpcBind(dialogMenuItem *self);
extern int configWriteRC_conf(dialogMenuItem *self);
+extern int configSecurelevel(dialogMenuItem *self);
+extern int configSecurelevelDisabled(dialogMenuItem *self);
+extern int configSecurelevelSecure(dialogMenuItem *self);
+extern int configSecurelevelHighlySecure(dialogMenuItem *self);
+extern int configSecurelevelNetworkSecure(dialogMenuItem *self);
extern int configEtcTtys(dialogMenuItem *self);
#ifdef __i386__
extern int checkLoaderACPI(void);
diff --git a/usr.sbin/sysinstall/config.c b/usr.sbin/sysinstall/config.c
index 570cb61..27937e1 100644
--- a/usr.sbin/sysinstall/config.c
+++ b/usr.sbin/sysinstall/config.c
@@ -537,6 +537,52 @@ configOSF1(dialogMenuItem *self)
#endif
int
+configSecurelevel(dialogMenuItem *self)
+{
+ WINDOW *w = savescr();
+
+ dialog_clear_norefresh();
+ dmenuOpenSimple(&MenuSecurelevel, FALSE);
+ restorescr(w);
+ return DITEM_SUCCESS;
+}
+
+int
+configSecurelevelDisabled(dialogMenuItem *self)
+{
+
+ variable_set2("kern_securelevel_enable", "NO", 1);
+ return DITEM_SUCCESS;
+}
+
+int
+configSecurelevelSecure(dialogMenuItem *self)
+{
+
+ variable_set2("kern_securelevel_enable", "YES", 1);
+ variable_set2("kern_securelevel", "1", 1);
+ return DITEM_SUCCESS;
+}
+
+int
+configSecurelevelHighlySecure(dialogMenuItem *self)
+{
+
+ variable_set2("kern_securelevel_enable", "YES", 1);
+ variable_set2("kern_securelevel", "2", 1);
+ return DITEM_SUCCESS;
+}
+
+int
+configSecurelevelNetworkSecure(dialogMenuItem *self)
+{
+
+ variable_set2("kern_securelevel_enable", "YES", 1);
+ variable_set2("kern_securelevel", "3", 1);
+ return DITEM_SUCCESS;
+}
+
+int
configSecurity(dialogMenuItem *self)
{
WINDOW *w = savescr();
diff --git a/usr.sbin/sysinstall/help/securelevel.hlp b/usr.sbin/sysinstall/help/securelevel.hlp
new file mode 100644
index 0000000..44fa39b
--- /dev/null
+++ b/usr.sbin/sysinstall/help/securelevel.hlp
@@ -0,0 +1,36 @@
+This menu allows you to configure the Securelevel mechanism in FreeBSD.
+
+Securelevels may be used to limit the privileges assigned to the
+root user in multi-user mode, which in turn may limit the effects of
+a root compromise, at the cost of reducing administrative functions.
+Refer to the init(8) manual page for complete details.
+
+ -1 Permanently insecure mode - always run the system in level 0 mode.
+ This is the default initial value.
+
+ 0 Insecure mode - immutable and append-only flags may be turned off.
+ All devices may be read or written subject to their permissions.
+
+ 1 Secure mode - the system immutable and system append-only flags may
+ not be turned off; disks for mounted file systems, /dev/mem, and
+ /dev/kmem may not be opened for writing; kernel modules (see
+ kld(4)) may not be loaded or unloaded.
+
+ 2 Highly secure mode - same as secure mode, plus disks may not be
+ opened for writing (except by mount(2)) whether mounted or not.
+ This level precludes tampering with file systems by unmounting
+ them, but also inhibits running newfs(8) while the system is multi-
+ user.
+
+ In addition, kernel time changes are restricted to less than or
+ equal to one second. Attempts to change the time by more than this
+ will log the message ``Time adjustment clamped to +1 second''.
+
+ 3 Network secure mode - same as highly secure mode, plus IP packet
+ filter rules (see ipfw(8) and ipfirewall(4)) cannot be changed and
+ dummynet(4) configuration cannot be adjusted.
+
+Securelevels must be used in combination with careful system design and
+application of protective mechanisms to prevent system configuration
+files from being modified in a way that compromises the protections of
+the securelevel variable upon reboot.
diff --git a/usr.sbin/sysinstall/menus.c b/usr.sbin/sysinstall/menus.c
index ef4608c..46b7270 100644
--- a/usr.sbin/sysinstall/menus.c
+++ b/usr.sbin/sysinstall/menus.c
@@ -2229,6 +2229,8 @@ DMenu MenuSecurity = {
NULL,
{ { "X Exit", "Exit this menu (returning to previous)",
checkTrue, dmenuExit, NULL, NULL, '<', '<', '<' },
+ { " Securelevel", "Configure securelevels for the system",
+ NULL, configSecurelevel },
#if 0
{ " LOMAC", "Use Low Watermark Mandatory Access Control at boot",
dmenuVarCheck, dmenuToggleVariable, NULL, "lomac_enable=YES" },
@@ -2238,6 +2240,28 @@ DMenu MenuSecurity = {
{ NULL } },
};
+DMenu MenuSecurelevel = {
+ DMENU_NORMAL_TYPE | DMENU_SELECTION_RETURNS,
+ "Securelevel Configuration Menu",
+ "This menu allows you to select the securelevel your system runs with.\n"
+ "When operating at a securelevel, certain root privileges are disabled,\n"
+ "which may increase resistance to exploits and protect system integrity.\n"
+ "In secure mode system flags may not be overriden by the root user,\n"
+ "access to direct kernel memory is limited, and kernel modules may not\n"
+ "be changed. In highly secure mode, mounted file systems may not be\n"
+ "modified on-disk, tampering with the system clock is prohibited. In\n"
+ "network secure mode configuration changes to firwalling are prohibited.\n",
+ "Select a securelevel to operate at - F1 for help",
+ "securelevel",
+ { { "X Exit", "Exit this menu (returning to previous)",
+ checkTrue, dmenuExit, NULL, NULL, '<', '<', '<' },
+ { "Disabled", "Disable securelevels", NULL, configSecurelevelDisabled, },
+ { "Secure", "Secure mode", NULL, configSecurelevelSecure },
+ { "Highly Secure", "Highly secure mode", NULL, configSecurelevelHighlySecure },
+ { "Network Secure", "Network secure mode", NULL, configSecurelevelNetworkSecure },
+ { NULL } }
+};
+
DMenu MenuFixit = {
DMENU_NORMAL_TYPE,
"Please choose a fixit option",
diff --git a/usr.sbin/sysinstall/sysinstall.h b/usr.sbin/sysinstall/sysinstall.h
index 9ba8336..507bfca 100644
--- a/usr.sbin/sysinstall/sysinstall.h
+++ b/usr.sbin/sysinstall/sysinstall.h
@@ -143,6 +143,7 @@
#define VAR_IPADDR "ipaddr"
#define VAR_IPV6_ENABLE "ipv6_enable"
#define VAR_IPV6ADDR "ipv6addr"
+#define VAR_KERN_SECURELEVEL "kern_securelevel"
#define VAR_KEYMAP "keymap"
#define VAR_LABEL "label"
#define VAR_LABEL_COUNT "labelCount"
@@ -452,6 +453,7 @@ extern DMenu MenuMediaTape; /* Tape media menu */
extern DMenu MenuNetworkDevice; /* Network device menu */
extern DMenu MenuNTP; /* NTP time server menu */
extern DMenu MenuSecurity; /* System security options menu */
+extern DMenu MenuSecurelevel; /* Securelevel menu */
extern DMenu MenuStartup; /* Startup services menu */
#ifdef WITH_SYSCONS
extern DMenu MenuSyscons; /* System console configuration menu */
@@ -531,6 +533,11 @@ extern int configMTAPostfix(dialogMenuItem *self);
extern int configMTAExim(dialogMenuItem *self);
extern int configRpcBind(dialogMenuItem *self);
extern int configWriteRC_conf(dialogMenuItem *self);
+extern int configSecurelevel(dialogMenuItem *self);
+extern int configSecurelevelDisabled(dialogMenuItem *self);
+extern int configSecurelevelSecure(dialogMenuItem *self);
+extern int configSecurelevelHighlySecure(dialogMenuItem *self);
+extern int configSecurelevelNetworkSecure(dialogMenuItem *self);
extern int configEtcTtys(dialogMenuItem *self);
#ifdef __i386__
extern int checkLoaderACPI(void);