Write kern.randompid to /etc/sysctl.conf

PR: 211471 Reported by: survo@protonmail.com Reviewed by: robak@ Approved by: allanjude@ MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D7440
2016-08-09 15:57:37 +00:00 · 2016-08-09 15:57:37 +00:00 · 1d01cb0d72
commit 1d01cb0d72
parent 75ae87ede1
1 changed files with 3 additions and 2 deletions
--- a/usr.sbin/bsdinstall/scripts/hardening
+++ b/usr.sbin/bsdinstall/scripts/hardening
@ -29,6 +29,7 @@
 : ${DIALOG_OK=0}

 echo -n > $BSDINSTALL_TMPETC/rc.conf.hardening
+echo -n > $BSDINSTALL_TMPETC/sysctl.conf.hardening

 exec 3>&1
 FEATURES=$( dialog --backtitle "FreeBSD Installer" \
@ -39,7 +40,7 @@ FEATURES=$( dialog --backtitle "FreeBSD Installer" \
 	"hide_gids" "Hide processes running as other groups" ${hide_gids:-off} \
 	"read_msgbuf" "Disable reading kernel message buffer for unprivileged users" ${read_msgbuf:-off} \
 	"proc_debug" "Disable process debugging facilities for unprivileged users" ${proc_debug:-off} \
-	"random_pid" "Randomize the PID of newly created processes" ${random_id:-off} \
+	"random_pid" "Randomize the PID of newly created processes" ${random_pid:-off} \
 	"stack_guard" "Insert stack guard page ahead of the growable segments" ${stack_guard:-off} \
 	"clear_tmp" "Clean the /tmp filesystem on system startup" ${clear_tmp:-off} \
 	"disable_syslogd" "Disable opening Syslogd network socket (disables remote logging)" ${disable_syslogd:-off} \
@ -60,7 +61,7 @@ for feature in $FEATURES; do
 	if [ "$feature" = "proc_debug" ]; then
 		echo security.bsd.unprivileged_proc_debug=0 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening
 	fi
-	if [ "$feature" = "random_id" ]; then
+	if [ "$feature" = "random_pid" ]; then
 		echo kern.randompid=$(jot -r 1 9999) >> $BSDINSTALL_TMPETC/sysctl.conf.hardening
 	fi
 	if [ "$feature" = "stack_guard" ]; then