From e983c8d12df02353a044c03cba700a236381ae1f Mon Sep 17 00:00:00 2001 From: rwatson Date: Fri, 28 Nov 2003 18:47:45 +0000 Subject: Remove security profiles from sysinstall. Currently, security profile selection is used to drive two configuration parameters: (1) Default enable/disable for sshd (2) Default enable/disable for securelevels Replace this with an explicit choice to enable/disable sshd. A follow-up commit will add a configuration option to the Security post-install configuration menu to set the securelevel in rc.conf explicitly. This should reduce the level of foot-shooting associated with accidental enabling of securelevels, make the nature and implications of the securelevel configuration options more explicit, as well as make the choice to enable/disable sshd more explicit. Approved by: re (scottl) --- usr.sbin/sade/config.c | 57 -------------------------------------------------- 1 file changed, 57 deletions(-) (limited to 'usr.sbin/sade/config.c') diff --git a/usr.sbin/sade/config.c b/usr.sbin/sade/config.c index b67e5aa6..570cb61 100644 --- a/usr.sbin/sade/config.c +++ b/usr.sbin/sade/config.c @@ -547,63 +547,6 @@ configSecurity(dialogMenuItem *self) return DITEM_SUCCESS; } -int -configSecurityProfile(dialogMenuItem *self) -{ - WINDOW *w = savescr(); - - dialog_clear_norefresh(); - dmenuOpenSimple(&MenuSecurityProfile, FALSE); - restorescr(w); - return DITEM_SUCCESS; -} - -/* Use the most extreme security settings */ -int -configSecurityExtreme(dialogMenuItem *self) -{ - WINDOW *w = savescr(); - - variable_set2("sshd_enable", "NO", 1); - variable_set2("kern_securelevel_enable", "YES", 1); - variable_set2("kern_securelevel", "2", 1); - - if (self) - msgConfirm("Extreme security settings have been selected.\n\n" - "Sshd has been disabled, and kernel security levels have" - "been enabled.\n\n" - "PLEASE NOTE that this still does not save you from having\n" - "to properly secure your system in other ways or exercise\n" - "due diligence in your administration, this simply picks\n" - "a more secure set of out-of-box defaults to start with.\n\n" - "To change any of these settings later, edit /etc/rc.conf"); - - restorescr(w); - return DITEM_SUCCESS; -} - -int -configSecurityModerate(dialogMenuItem *self) -{ - WINDOW *w = savescr(); - - variable_set2("sshd_enable", "YES", 1); - variable_set2("kern_securelevel_enable", "NO", 1); - - if (self) - msgConfirm("Moderate security settings have been selected.\n\n" - "Sshd has been enabled and kernel securelevels are disabled;\n" - "all other settings have been left intact.\n\n" - "PLEASE NOTE that this still does not save you from having\n" - "to properly secure your system in other ways or exercise\n" - "due diligence in your administration, this simply picks\n" - "a standard set of out-of-box defaults to start with.\n\n" - "To change any of these settings later, edit /etc/rc.conf"); - - restorescr(w); - return DITEM_SUCCESS; -} - static void write_root_xprofile(char *str) { -- cgit v1.1