
D11283.id29855.diff


Index: usr.sbin/bsdinstall/scripts/hardening
===================================================================
--- usr.sbin/bsdinstall/scripts/hardening
+++ usr.sbin/bsdinstall/scripts/hardening
@@ -38,13 +38,14 @@
0 0 0 \
"0 hide_uids" "Hide processes running as other users" ${hide_uids:-off} \
"1 hide_gids" "Hide processes running as other groups" ${hide_gids:-off} \
- "2 read_msgbuf" "Disable reading kernel message buffer for unprivileged users" ${read_msgbuf:-off} \
- "3 proc_debug" "Disable process debugging facilities for unprivileged users" ${proc_debug:-off} \
- "4 random_pid" "Randomize the PID of newly created processes" ${random_pid:-off} \
- "5 stack_guard" "Insert stack guard page ahead of the growable segments" ${stack_guard:-off} \
- "6 clear_tmp" "Clean the /tmp filesystem on system startup" ${clear_tmp:-off} \
- "7 disable_syslogd" "Disable opening Syslogd network socket (disables remote logging)" ${disable_syslogd:-off} \
- "8 disable_sendmail" "Disable Sendmail service" ${disable_sendmail:-off} \
+ "2 hide_jail" "Hide processes running in jails" ${hide_jail:-off} \
+ "3 read_msgbuf" "Disable reading kernel message buffer for unprivileged users" ${read_msgbuf:-off} \
+ "4 proc_debug" "Disable process debugging facilities for unprivileged users" ${proc_debug:-off} \
+ "5 random_pid" "Randomize the PID of newly created processes" ${random_pid:-off} \
+ "6 stack_guard" "Insert stack guard page ahead of the growable segments" ${stack_guard:-off} \
+ "7 clear_tmp" "Clean the /tmp filesystem on system startup" ${clear_tmp:-off} \
+ "8 disable_syslogd" "Disable opening Syslogd network socket (disables remote logging)" ${disable_syslogd:-off} \
+ "9 disable_sendmail" "Disable Sendmail service" ${disable_sendmail:-off} \
2>&1 1>&3 )
exec 3>&-
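Review bot: The new checklist entry `"2 hide_jail" "Hide processes running in jails"` does not say whom the processes are hidden from, whereas the neighbouring read_msgbuf and proc_debug entries spell out "for unprivileged users". If security.bsd.see_jail_proc=0 restricts only unprivileged host processes, as the existing see_other_uids/see_other_gids knobs do, the label should say so to avoid suggesting root loses visibility: `"2 hide_jail" "Hide processes running in jails from unprivileged users" ${hide_jail:-off} \`. The rest of the hunk is renumbering of the following entries and needs no change. The dialog command whose argument list this hunk edits begins before the hunk.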
@@ -54,6 +55,9 @@
fi
if [ "$feature" = "hide_gids" ]; then
echo security.bsd.see_other_gids=0 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening
+ fi
+ if [ "$feature" = "hide_jail" ]; then
+ echo security.bsd.see_jail_proc=0 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening
fi
if [ "$feature" = "read_msgbuf" ]; then
echo security.bsd.unprivileged_read_msgbuf=0 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening
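Review bot: The added `hide_jail` branch emits `security.bsd.see_jail_proc=0` with no note on how it relates to the two see_other_* settings written just above it, so a maintainer cannot tell from this file whether selecting it alone is meaningful. If I read the sysctl correctly it only controls visibility of jailed processes from the host and is independent of the uid/gid checks, so a one-line comment above the new `if` would help, e.g. `# Visibility of jailed processes from the host is independent of see_other_uids/gids; see the sysctl description in the kernel.` The branch also assumes the installed kernel knows this OID; since bsdinstall installs the release it runs from that is presumably fine, but an older target would log an unknown-oid warning at boot. The if-chain this hunk extends sits inside a loop that starts before the hunk.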
