usr.sbin/bsdinstall/scripts/hardening
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||||
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||||
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||||
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||||
# SUCH DAMAGE. | # SUCH DAMAGE. | ||||
# | # | ||||
# $FreeBSD$ | # $FreeBSD$ | ||||
BSDCFG_SHARE="/usr/share/bsdconfig" | |||||
. $BSDCFG_SHARE/common.subr || exit 1 | |||||
: ${BSDDIALOG_OK=0} | : ${BSDDIALOG_OK=0} | ||||
echo -n > $BSDINSTALL_TMPETC/rc.conf.hardening | echo -n > $BSDINSTALL_TMPETC/rc.conf.hardening | ||||
echo -n > $BSDINSTALL_TMPETC/sysctl.conf.hardening | echo -n > $BSDINSTALL_TMPETC/sysctl.conf.hardening | ||||
echo -n > $BSDINSTALL_TMPBOOT/loader.conf.hardening | echo -n > $BSDINSTALL_TMPBOOT/loader.conf.hardening | ||||
exec 3>&1 | exec 3>&1 | ||||
FEATURES=$( bsddialog --backtitle "FreeBSD Installer" \ | FEATURES=$( bsddialog --backtitle "$OSNAME Installer" \ | ||||
--title "System Hardening" --nocancel --separate-output \ | --title "System Hardening" --nocancel --separate-output \ | ||||
--checklist "Choose system security hardening options:" \ | --checklist "Choose system security hardening options:" \ | ||||
0 0 0 \ | 0 0 0 \ | ||||
"0 hide_uids" "Hide processes running as other users" ${hide_uids:-off} \ | "0 hide_uids" "Hide processes running as other users" ${hide_uids:-off} \ | ||||
"1 hide_gids" "Hide processes running as other groups" ${hide_gids:-off} \ | "1 hide_gids" "Hide processes running as other groups" ${hide_gids:-off} \ | ||||
"2 hide_jail" "Hide processes running in jails" ${hide_jail:-off} \ | "2 hide_jail" "Hide processes running in jails" ${hide_jail:-off} \ | ||||
"3 read_msgbuf" "Disable reading kernel message buffer for unprivileged users" ${read_msgbuf:-off} \ | "3 read_msgbuf" "Disable reading kernel message buffer for unprivileged users" ${read_msgbuf:-off} \ | ||||
"4 proc_debug" "Disable process debugging facilities for unprivileged users" ${proc_debug:-off} \ | "4 proc_debug" "Disable process debugging facilities for unprivileged users" ${proc_debug:-off} \ | ||||
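Review bot: The `. $BSDCFG_SHARE/common.subr || exit 1` line, which appears to be added, aborts the hardening step with no diagnostic. It sits above the three `echo -n >` truncations, so on failure the `*.hardening` files are never reset and no hardening choices are recorded; whether the caller surfaces that exit status is not visible here. I would quote the path and report the failure on stderr, e.g. `. "$BSDCFG_SHARE/common.subr" || { echo "hardening: cannot load $BSDCFG_SHARE/common.subr" >&2; exit 1; }`. The new `--backtitle "$OSNAME Installer"` presumably relies on `common.subr` setting `OSNAME`, so `"${OSNAME:-FreeBSD} Installer"` would keep the title sensible if it is ever empty. The `bsddialog` command continues past the visible lines.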