From e442a085d06ea3acc1ac496469c4e212774a2c5d Mon Sep 17 00:00:00 2001
From: robak <robak@FreeBSD.org>
Date: Thu, 28 Jul 2016 15:54:17 +0000
Subject: MFC r302897:

Add new System Hardening menu and options to bsdinstall.

This patch add new 'hardening' file responsible for new bsdinstall
'System Hardening' menu allowing users to set some sane and carefully
picked system security options (like random process id's, hiding
other users/groups processes and others).

All options are OFF by default in this patch due to POLA principle
with intention to turn change some of them to ON by default in future.

Reviewed by:	adrian, allanjude, bdrewery, nwhitehorn
Approved by:	re@, adrian, allanjude
---
 usr.sbin/bsdinstall/scripts/auto | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'usr.sbin/bsdinstall/scripts/auto')

diff --git a/usr.sbin/bsdinstall/scripts/auto b/usr.sbin/bsdinstall/scripts/auto
index 57014a1..61b2193 100755
--- a/usr.sbin/bsdinstall/scripts/auto
+++ b/usr.sbin/bsdinstall/scripts/auto
@@ -385,6 +385,7 @@ if [ "$NETCONFIG_DONE" != yes ]; then
 fi
 bsdinstall time
 bsdinstall services
+bsdinstall hardening
 
 dialog --backtitle "FreeBSD Installer" --title "Add User Accounts" --yesno \
     "Would you like to add users to the installed system now?" 0 0 && \
@@ -401,6 +402,7 @@ finalconfig() {
 		"Hostname" "Set system hostname" \
 		"Network" "Networking configuration" \
 		"Services" "Set daemons to run on startup" \
+		"System Hardening" "Set security options" \
 		"Time Zone" "Set system timezone" \
 		"Handbook" "Install FreeBSD Handbook (requires network)" 2>&1 1>&3)
 	exec 3>&-
@@ -426,6 +428,10 @@ finalconfig() {
 		bsdinstall services
 		finalconfig
 		;;
+	"System Hardening")
+		bsdinstall hardening
+		finalconfig
+		;;
 	"Time Zone")
 		bsdinstall time
 		finalconfig
-- 
cgit v1.1