Add an installer option to disable destructive dtrace.
Submitted by: Jörg Pernfuß <code.jpe@gmail.com> Approved by: re (kib) MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D12474
parent
5252d24a20
commit
c3afb29bb6
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=338852
@ -30,6 +30,7 @@
|
||||
|
||||
echo -n > $BSDINSTALL_TMPETC/rc.conf.hardening
|
||||
echo -n > $BSDINSTALL_TMPETC/sysctl.conf.hardening
|
||||
echo -n > $BSDINSTALL_TMPBOOT/loader.conf.hardening
|
||||
|
||||
exec 3>&1
|
||||
FEATURES=$( dialog --backtitle "FreeBSD Installer" \
|
||||
@ -46,6 +47,7 @@ FEATURES=$( dialog --backtitle "FreeBSD Installer" \
|
||||
"7 disable_syslogd" "Disable opening Syslogd network socket (disables remote logging)" ${disable_syslogd:-off} \
|
||||
"8 disable_sendmail" "Disable Sendmail service" ${disable_sendmail:-off} \
|
||||
"9 secure_console" "Enable console password prompt" ${secure_console:-off} \
|
||||
"10 disable_ddtrace" "Disallow DTrace destructive-mode" ${disable_ddtrace:-off} \
|
||||
2>&1 1>&3 )
|
||||
exec 3>&-
|
||||
|
||||
@ -80,5 +82,8 @@ for feature in $FEATURES; do
|
||||
if [ "$feature" = "secure_console" ]; then
|
||||
sed "s/unknown off secure/unknown off insecure/g" $BSDINSTALL_CHROOT/etc/ttys > $BSDINSTALL_TMPETC/ttys.hardening
|
||||
fi
|
||||
if [ "$feature" = "disable_ddtrace" ]; then
|
||||
echo 'security.bsd.allow_destructive_dtrace=0' >> $BSDINSTALL_TMPBOOT/loader.conf.hardening
|
||||
fi
|
||||
done
|
||||
|
||||
|
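Review bot: The `disable_ddtrace` branch appends to `$BSDINSTALL_TMPBOOT/loader.conf.hardening` with no comment explaining why this option goes into a loader.conf fragment, while the other fragments visible here are rc.conf, sysctl.conf and ttys. As far as I know `security.bsd.allow_destructive_dtrace` is a boot-time tunable that cannot be set from sysctl.conf, so a line such as `# boot-time tunable: must be set from loader.conf, not sysctl.conf` above the `echo` would keep a later cleanup from moving it. Nothing in the visible hunks shows `loader.conf.hardening` being merged into the installed `/boot/loader.conf`. If that step is missing, the checkbox would be accepted and silently have no effect, so it is worth confirming in the script that assembles the final configuration. The `for feature in $FEATURES` loop starts outside the hunk.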