D53171.diff
No OneTemporary
Actions

Size

1 KB

Referenced Files

None

Subscribers

None

D53171.diff
View Options

	diff --git a/usr.sbin/bsdinstall/scripts/config b/usr.sbin/bsdinstall/scripts/config
	--- a/usr.sbin/bsdinstall/scripts/config
	+++ b/usr.sbin/bsdinstall/scripts/config
	@@ -34,6 +34,12 @@
	cat $BSDINSTALL_CHROOT/etc/sysctl.conf $BSDINSTALL_TMPETC/sysctl.conf.* >> $BSDINSTALL_TMPETC/sysctl.conf
	rm $BSDINSTALL_TMPETC/sysctl.conf.*

	+if [ -f $BSDINSTALL_TMPETC/newsyslog.conf.hardening ]; then
	+ cat $BSDINSTALL_TMPETC/newsyslog.conf.hardening > $BSDINSTALL_TMPETC/newsyslog.conf
	+ rm -f $BSDINSTALL_TMPETC/newsyslog.conf.hardening
	+ chmod 0600 $BSDINSTALL_CHROOT/var/log/messages
	+fi
	+
	if [ -f $BSDINSTALL_TMPETC/ttys.hardening ]; then
	cat $BSDINSTALL_TMPETC/ttys.hardening > $BSDINSTALL_TMPETC/ttys
	rm $BSDINSTALL_TMPETC/ttys.hardening
	diff --git a/usr.sbin/bsdinstall/scripts/hardening b/usr.sbin/bsdinstall/scripts/hardening
	--- a/usr.sbin/bsdinstall/scripts/hardening
	+++ b/usr.sbin/bsdinstall/scripts/hardening
	@@ -70,6 +70,9 @@
	;;
	read_msgbuf)
	echo security.bsd.unprivileged_read_msgbuf=0 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening
	+ echo 'dmesg_umask="066"' >> $BSDINSTALL_TMPETC/rc.conf.hardening
	+ sed "s\|^/var/log/messages\t\t\t644\|/var/log/messages\t\t\t600\|" \
	+ $BSDINSTALL_CHROOT/etc/newsyslog.conf > $BSDINSTALL_TMPETC/newsyslog.conf.hardening
	;;
	proc_debug)
	echo security.bsd.unprivileged_proc_debug=0 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening