diff options
Diffstat (limited to 'usr.sbin/bsdconfig/security')
| -rw-r--r-- | usr.sbin/bsdconfig/security/include/Makefile | 2 | ||||
| -rw-r--r-- | usr.sbin/bsdconfig/security/include/securelevel.hlp | 40 | ||||
| -rwxr-xr-x | usr.sbin/bsdconfig/security/kern_securelevel | 23 |
3 files changed, 59 insertions, 6 deletions
diff --git a/usr.sbin/bsdconfig/security/include/Makefile b/usr.sbin/bsdconfig/security/include/Makefile index 7cdfcc6..a94c127 100644 --- a/usr.sbin/bsdconfig/security/include/Makefile +++ b/usr.sbin/bsdconfig/security/include/Makefile @@ -3,7 +3,7 @@ NO_OBJ= FILESDIR= ${LIBEXECDIR}/bsdconfig/130.security/include -FILES= messages.subr +FILES= messages.subr securelevel.hlp beforeinstall: mkdir -p ${DESTDIR}${FILESDIR} diff --git a/usr.sbin/bsdconfig/security/include/securelevel.hlp b/usr.sbin/bsdconfig/security/include/securelevel.hlp new file mode 100644 index 0000000..27eb1ec --- /dev/null +++ b/usr.sbin/bsdconfig/security/include/securelevel.hlp @@ -0,0 +1,40 @@ +This menu allows you to configure the Securelevel mechanism in FreeBSD. + +Securelevels may be used to limit the privileges assigned to the +root user in multi-user mode, which in turn may limit the effects of +a root compromise, at the cost of reducing administrative functions. +Refer to the security(7) and init(8) manual pages for complete details. + + -1 Permanently insecure mode - always run the system in level 0 + mode. This is the default initial value. + + 0 Insecure mode - immutable and append-only flags may be turned + off. All devices may be read or written subject to their + permissions. + + 1 Secure mode - the system immutable and system append-only + flags may not be turned off; disks for mounted file systems, + /dev/mem, /dev/kmem and /dev/io (if your platform has it) + may not be opened for writing; kernel modules (see kld(4)) + may not be loaded or unloaded. + + 2 Highly secure mode - same as secure mode, plus disks may not + be opened for writing (except by mount(2)) whether mounted or + not. This level precludes tampering with file systems by + unmounting them, but also inhibits running newfs(8) while the + system is multi-user. + + In addition, kernel time changes are restricted to less than + or equal to one second. Attempts to change the time by more + than this will log the message ``Time adjustment clamped to +1 + second''. + + 3 Network secure mode - same as highly secure mode, plus IP + packet filter rules (see ipfw(8), ipfirewall(4) and pfctl(8)) + cannot be changed and dummynet(4) or pf(4) configuration + cannot be adjusted. + +Securelevels must be used in combination with careful system design and +application of protective mechanisms to prevent system configuration +files from being modified in a way that compromises the protections of +the securelevel variable upon reboot. diff --git a/usr.sbin/bsdconfig/security/kern_securelevel b/usr.sbin/bsdconfig/security/kern_securelevel index c48691e..dbabd00 100755 --- a/usr.sbin/bsdconfig/security/kern_securelevel +++ b/usr.sbin/bsdconfig/security/kern_securelevel @@ -36,6 +36,7 @@ f_include $BSDCFG_SHARE/sysrc.subr BSDCFG_LIBE="/usr/libexec/bsdconfig" APP_DIR="130.security" f_include_lang $BSDCFG_LIBE/$APP_DIR/include/messages.subr +f_include_help SECURELEVEL $BSDCFG_LIBE/$APP_DIR/include/securelevel.hlp ipgm=$( f_index_menu_selection $BSDCFG_LIBE/$APP_DIR/INDEX "$pgm" ) [ $? -eq $SUCCESS -a "$ipgm" ] && pgm="$ipgm" @@ -74,6 +75,8 @@ dialog_menu_main() --hline \"\$hline\" \ --ok-label \"\$msg_ok\" \ --cancel-label \"\$msg_cancel\" \ + --help-button \ + ${USE_XDIALOG:+--help \"\$( f_include_help SECURELEVEL )\"} \ --menu \"\$prompt\" $size \ $menu_list \ 2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD @@ -109,11 +112,21 @@ f_mustberoot_init # # Launch application main menu # -dialog_menu_main -retval=$? -mtag=$( f_dialog_menutag ) - -[ $retval -eq 0 ] || f_die +while :; do + dialog_menu_main + retval=$? + mtag=$( f_dialog_menutag ) + + if [ $retval -eq 2 ]; then + # The Help button was pressed + f_show_msg "%s" "$( f_include_help SECURELEVEL )" + continue + elif [ $retval -ne 0 ]; then + f_die + fi + + break +done case "$mtag" in "$msg_disabled") |
