d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

bsdinstall: replace multiple ifs with case

Browse Source 
Reduce copy-paste and use a more typical construct.

Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D28417
This commit is contained in:
Ed Maste 2021-01-29 14:00:29 -05:00
parent 504e64af32
commit fbc57e2df9
1 changed files with 24 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
usr.sbin/bsdinstall/scripts/hardening
View File

@ -52,38 +52,40 @@ FEATURES=$( dialog --backtitle "FreeBSD Installer" \
exec 3>&- exec 3>&-
for feature in $FEATURES; do for feature in $FEATURES; do
if [ "$feature" = "hide_uids" ]; then case "$feature" in
hide_uids)
echo security.bsd.see_other_uids=0 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening echo security.bsd.see_other_uids=0 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening
fi ;;
if [ "$feature" = "hide_gids" ]; then hide_gids)
echo security.bsd.see_other_gids=0 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening echo security.bsd.see_other_gids=0 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening
fi ;;
if [ "$feature" = "hide_jail" ]; then hide_jail)
echo security.bsd.see_jail_proc=0 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening echo security.bsd.see_jail_proc=0 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening
fi ;;
if [ "$feature" = "read_msgbuf" ]; then read_msgbuf)
echo security.bsd.unprivileged_read_msgbuf=0 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening echo security.bsd.unprivileged_read_msgbuf=0 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening
fi ;;
if [ "$feature" = "proc_debug" ]; then proc_debug)
echo security.bsd.unprivileged_proc_debug=0 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening echo security.bsd.unprivileged_proc_debug=0 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening
fi ;;
if [ "$feature" = "random_pid" ]; then random_pid)
echo kern.randompid=1 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening echo kern.randompid=1 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening
fi ;;
if [ "$feature" = "clear_tmp" ]; then clear_tmp)
echo 'clear_tmp_enable="YES"' >> $BSDINSTALL_TMPETC/rc.conf.hardening echo 'clear_tmp_enable="YES"' >> $BSDINSTALL_TMPETC/rc.conf.hardening
fi ;;
if [ "$feature" = "disable_syslogd" ]; then disable_syslogd)
echo 'syslogd_flags="-ss"' >> $BSDINSTALL_TMPETC/rc.conf.hardening echo 'syslogd_flags="-ss"' >> $BSDINSTALL_TMPETC/rc.conf.hardening
fi ;;
if [ "$feature" = "disable_sendmail" ]; then disable_sendmail)
echo 'sendmail_enable="NONE"' >> $BSDINSTALL_TMPETC/rc.conf.hardening echo 'sendmail_enable="NONE"' >> $BSDINSTALL_TMPETC/rc.conf.hardening
fi ;;
if [ "$feature" = "secure_console" ]; then secure_console)
sed "s/unknown off secure/unknown off insecure/g" $BSDINSTALL_CHROOT/etc/ttys > $BSDINSTALL_TMPETC/ttys.hardening sed "s/unknown off secure/unknown off insecure/g" $BSDINSTALL_CHROOT/etc/ttys > $BSDINSTALL_TMPETC/ttys.hardening
fi ;;
if [ "$feature" = "disable_ddtrace" ]; then disable_ddtrace)
echo 'security.bsd.allow_destructive_dtrace=0' >> $BSDINSTALL_TMPBOOT/loader.conf.hardening echo 'security.bsd.allow_destructive_dtrace=0' >> $BSDINSTALL_TMPBOOT/loader.conf.hardening
fi ;;
esac
done done