Diffstat (limited to 'release/sysinstall/config.c')
-rw-r--r-- | release/sysinstall/config.c | 93 |
1 files changed, 89 insertions, 4 deletions
diff --git a/release/sysinstall/config.c b/release/sysinstall/config.c
index 8ce295b..cf37e94 100644
--- a/release/sysinstall/config.c
+++ b/release/sysinstall/config.c
@@ -388,10 +388,6 @@ configRC_conf(void)
 fprintf(rcSite, "# This file now contains just the overrides from /etc/defaults/rc.conf\n");
 fprintf(rcSite, "# please make all changes to this file.\n\n");
 fprintf(rcSite, "# Enable network daemons for user convenience.\n");
- fprintf(rcSite, "inetd_enable=\"YES\"\n");
- fprintf(rcSite, "portmap_enable=\"YES\"\n");
- fprintf(rcSite, "sendmail_enable=\"YES\"\n");
- fprintf(rcSite, "sshd_enable=\"YES\"\n");
 }
 /* Now do variable substitutions */
@@ -470,6 +466,95 @@ configLinux(dialogMenuItem *self)
 return i;
 }
+int
+configSecurityProfile(dialogMenuItem *self)
+{
+ WINDOW *w = savescr();
+
+ dialog_clear_norefresh();
+ dmenuOpenSimple(&MenuSecurityProfile, FALSE);
+ restorescr(w);
+ return DITEM_SUCCESS;
+}
+
+/* Use the most fascist security settings */
+int
+configSecurityFascist(dialogMenuItem *self)
+{
+ WINDOW *w = savescr();
+
+ variable_set2("inetd_enable", "NO", 1);
+ variable_set2("portmap_enable", "NO", 1);
+ variable_set2("sendmail_enable", "NO", 1);
+ variable_set2("sshd_enable", "NO", 1);
+ variable_set2("nfs_server_enable", "NO", 1);
+ variable_set2("kern_securelevel_enable", "YES", 1);
+ variable_set2("kern_securelevel", "2", 1);
+ /* More fascist stuff should go here */
+
+ msgConfirm("High security settings have been selected.\n\n"
+ "This means that most \"popular\" network services and\n"
+ "mechanisms like inetd(8) have been DISABLED by default.\n\n"
+ "PLEASE NOTE that this still does not save you from having\n"
+ "to properly secure your system in other ways or exercise\n"
+ "due diligence in your administration, this simply picks\n"
+ "a more secure set of out-of-box defaults to start with.\n\n"
+ "To change any of these settings later, edit /etc/rc.conf");
+
+ restorescr(w);
+ return DITEM_SUCCESS;
+}
+
+int
+configSecurityModerate(dialogMenuItem *self)
+{
+ WINDOW *w = savescr();
+
+ variable_set2("inetd_enable", "YES", 1);
+ if (!variable_cmp("nfs_client_enable", "YES") ||
+ !variable_cmp("nfs_server_enable", "YES"))
+ variable_set2("portmap_enable", "YES", 1);
+ if (!variable_cmp("nfs_server_enable", "YES"))
+ variable_set2("nfs_reserved_port_only", "YES", 1);
+ variable_set2("sendmail_enable", "YES", 1);
+ variable_set2("sshd_enable", "YES", 1);
+
+ msgConfirm("Moderate security settings have been selected.\n\n"
+ "This means that most \"popular\" network services and\n"
+ "mechanisms like inetd(8) have been enabled by default\n"
+ "for a comfortable user experience but with possible\n"
+ "trade-offs in system security. If this bothers you and\n"
+ "you know exactly what you are doing, select the high\n"
+ "high security profile instead.\n\n"
+ "To change any of these settings later, edit /etc/rc.conf");
+
+ restorescr(w);
+ return DITEM_SUCCESS;
+}
+
+int
+configSecurityLiberal(dialogMenuItem *self)
+{
+ WINDOW *w = savescr();
+
+ variable_set2("inetd_enable", "YES", 1);
+ variable_set2("portmap_enable", "YES", 1);
+ variable_set2("sendmail_enable", "YES", 1);
+ variable_set2("sshd_enable", "YES", 1);
+
+ msgConfirm("Liberal security settings have been selected.\n\n"
+ "This means that most \"popular\" network services and\n"
+ "mechanisms like inetd(8) have been enabled by default\n"
+ "for the most comfortable user experience but with possible\n"
+ "trade-offs in system security. If this bothers you, select\n"
+ "the medium security profile or, if you know exactly what you\n"
+ "are doing, the high security profile instead.\n\n"
+ "To change any of these settings later, edit /etc/rc.conf");
+
+ restorescr(w);
+ return DITEM_SUCCESS;
+}
+
 static void
 write_root_xprofile(char *str)
 { |
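Review bot: The profile handlers only overlay settings, so the resulting configuration depends on which handler ran before: `configSecurityModerate` never writes `portmap_enable` back to "NO" when neither NFS variable is "YES", and neither it nor `configSecurityLiberal` clears `kern_securelevel_enable` / `kern_securelevel` once `configSecurityFascist` has set them. Assuming the menu (not visible in this hunk) lets a user pick more than one profile in a session, Liberal followed by Moderate keeps portmap enabled and High followed by either of the others keeps securelevel 2, while the confirmation text describes a clean profile. Each handler should assign every variable the others touch, for example an `else variable_set2("portmap_enable", "NO", 1);` branch in Moderate and `variable_set2("kern_securelevel_enable", "NO", 1);` in Moderate and Liberal. The Moderate message also repeats a word (`select the high\n"` followed by `"high security profile instead.\n\n"`), and the Liberal message calls the middle profile "medium" where its own dialog says "Moderate".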