Add another security configuration profile, call it "high" and
rename the previous one to indicate that it's not just high, it's extreme (everything off, secure level raised). Submitted mostly by: Tony Finch <dot@dotat.at>
parent
08327bbc40
commit
33cf0a74b8
@ -492,6 +492,31 @@ configSecurityFascist(dialogMenuItem *self)
|
||||
variable_set2("kern_securelevel", "2", 1);
|
||||
/* More fascist stuff should go here */
|
||||
|
||||
if (self)
|
||||
msgConfirm("Extreme security settings have been selected.\n\n"
|
||||
"This means that all \"popular\" network services and\n"
|
||||
"mechanisms like inetd(8) have been DISABLED by default.\n\n"
|
||||
"PLEASE NOTE that this still does not save you from having\n"
|
||||
"to properly secure your system in other ways or exercise\n"
|
||||
"due diligence in your administration, this simply picks\n"
|
||||
"a more secure set of out-of-box defaults to start with.\n\n"
|
||||
"To change any of these settings later, edit /etc/rc.conf");
|
||||
|
||||
restorescr(w);
|
||||
return DITEM_SUCCESS;
|
||||
}
|
||||
|
||||
int
|
||||
configSecurityHigh(dialogMenuItem *self)
|
||||
{
|
||||
WINDOW *w = savescr();
|
||||
|
||||
variable_set2("inetd_enable", "NO", 1);
|
||||
variable_set2("sendmail_enable", "YES", 1);
|
||||
variable_set2("sshd_enable", "YES", 1);
|
||||
variable_set2("portmap_enable", "NO", 1);
|
||||
variable_set2("nfs_server_enable", "NO", 1);
|
||||
|
||||
if (self)
|
||||
msgConfirm("High security settings have been selected.\n\n"
|
||||
"This means that most \"popular\" network services and\n"
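Review bot: configSecurityHigh sets `sendmail_enable` and `sshd_enable` to "YES", so picking the "High" profile leaves two network-facing daemons enabled, and the visible lines neither explain that choice nor set `kern_securelevel` the way the Extreme profile above does. I would put a comment over the two calls, such as `/* mail and remote login stay on by design; inetd, portmap and the NFS server are turned off */`, so a later editor does not read them as an oversight. If leaving the securelevel untouched is intended, a second comment saying so would help, and the confirmation text should name the services that remain on. The function body runs past the end of this hunk, so the rest of the message and anything set after it cannot be checked from here.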
|
||||
|
@ -1607,7 +1607,8 @@ DMenu MenuSecurityProfile = {
|
||||
{ { "X Exit", "Exit this menu (returning to previous)", NULL, configSecurityModerate },
|
||||
{ "Low", "Fairly wide-open (little) security.", NULL, configSecurityLiberal },
|
||||
{ "Medium", "Moderate security settings [DEFAULT].", NULL, configSecurityModerate },
|
||||
{ "High", "Very restrictive security settings.", NULL, configSecurityFascist },
|
||||
{ "High", "Fairly safe security settings.", NULL, configSecurityHigh },
|
||||
{ "Extreme", "Very restrictive security settings.", NULL, configSecurityFascist },
|
||||
{ NULL } },
|
||||
};
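Review bot: The renamed "Extreme" entry still dispatches to `configSecurityFascist`, so the menu label and the confirmation text now say Extreme while the handler keeps the old name. Renaming the handler to match, e.g. `{ "Extreme", "Very restrictive security settings.", NULL, configSecurityExtreme },` together with its definition and the extern declaration in the header hunk, would let the profile be found under one name. The new "High" description, "Fairly safe security settings.", is also vague next to what the handler does; something like `"Most network services off; sshd and sendmail stay on."` tells the person installing what they are choosing.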
|
||||
|
||||
|
@ -446,6 +446,7 @@ extern int configNFSServer(dialogMenuItem *self);
|
||||
extern int configWriteRC_conf(dialogMenuItem *self);
|
||||
extern int configSecurityProfile(dialogMenuItem *self);
|
||||
extern int configSecurityFascist(dialogMenuItem *self);
|
||||
extern int configSecurityHigh(dialogMenuItem *self);
|
||||
extern int configSecurityModerate(dialogMenuItem *self);
|
||||
extern int configSecurityLiberal(dialogMenuItem *self);
|
||||
|
||||
|
@ -492,6 +492,31 @@ configSecurityFascist(dialogMenuItem *self)
|
||||
variable_set2("kern_securelevel", "2", 1);
|
||||
/* More fascist stuff should go here */
|
||||
|
||||
if (self)
|
||||
msgConfirm("Extreme security settings have been selected.\n\n"
|
||||
"This means that all \"popular\" network services and\n"
|
||||
"mechanisms like inetd(8) have been DISABLED by default.\n\n"
|
||||
"PLEASE NOTE that this still does not save you from having\n"
|
||||
"to properly secure your system in other ways or exercise\n"
|
||||
"due diligence in your administration, this simply picks\n"
|
||||
"a more secure set of out-of-box defaults to start with.\n\n"
|
||||
"To change any of these settings later, edit /etc/rc.conf");
|
||||
|
||||
restorescr(w);
|
||||
return DITEM_SUCCESS;
|
||||
}
|
||||
|
||||
int
|
||||
configSecurityHigh(dialogMenuItem *self)
|
||||
{
|
||||
WINDOW *w = savescr();
|
||||
|
||||
variable_set2("inetd_enable", "NO", 1);
|
||||
variable_set2("sendmail_enable", "YES", 1);
|
||||
variable_set2("sshd_enable", "YES", 1);
|
||||
variable_set2("portmap_enable", "NO", 1);
|
||||
variable_set2("nfs_server_enable", "NO", 1);
|
||||
|
||||
if (self)
|
||||
msgConfirm("High security settings have been selected.\n\n"
|
||||
"This means that most \"popular\" network services and\n"
|
||||
|
@ -1607,7 +1607,8 @@ DMenu MenuSecurityProfile = {
|
||||
{ { "X Exit", "Exit this menu (returning to previous)", NULL, configSecurityModerate },
|
||||
{ "Low", "Fairly wide-open (little) security.", NULL, configSecurityLiberal },
|
||||
{ "Medium", "Moderate security settings [DEFAULT].", NULL, configSecurityModerate },
|
||||
{ "High", "Very restrictive security settings.", NULL, configSecurityFascist },
|
||||
{ "High", "Fairly safe security settings.", NULL, configSecurityHigh },
|
||||
{ "Extreme", "Very restrictive security settings.", NULL, configSecurityFascist },
|
||||
{ NULL } },
|
||||
};
|
||||
|
||||
|
@ -446,6 +446,7 @@ extern int configNFSServer(dialogMenuItem *self);
|
||||
extern int configWriteRC_conf(dialogMenuItem *self);
|
||||
extern int configSecurityProfile(dialogMenuItem *self);
|
||||
extern int configSecurityFascist(dialogMenuItem *self);
|
||||
extern int configSecurityHigh(dialogMenuItem *self);
|
||||
extern int configSecurityModerate(dialogMenuItem *self);
|
||||
extern int configSecurityLiberal(dialogMenuItem *self);
|
||||
|
||||
|
@ -492,6 +492,31 @@ configSecurityFascist(dialogMenuItem *self)
|
||||
variable_set2("kern_securelevel", "2", 1);
|
||||
/* More fascist stuff should go here */
|
||||
|
||||
if (self)
|
||||
msgConfirm("Extreme security settings have been selected.\n\n"
|
||||
"This means that all \"popular\" network services and\n"
|
||||
"mechanisms like inetd(8) have been DISABLED by default.\n\n"
|
||||
"PLEASE NOTE that this still does not save you from having\n"
|
||||
"to properly secure your system in other ways or exercise\n"
|
||||
"due diligence in your administration, this simply picks\n"
|
||||
"a more secure set of out-of-box defaults to start with.\n\n"
|
||||
"To change any of these settings later, edit /etc/rc.conf");
|
||||
|
||||
restorescr(w);
|
||||
return DITEM_SUCCESS;
|
||||
}
|
||||
|
||||
int
|
||||
configSecurityHigh(dialogMenuItem *self)
|
||||
{
|
||||
WINDOW *w = savescr();
|
||||
|
||||
variable_set2("inetd_enable", "NO", 1);
|
||||
variable_set2("sendmail_enable", "YES", 1);
|
||||
variable_set2("sshd_enable", "YES", 1);
|
||||
variable_set2("portmap_enable", "NO", 1);
|
||||
variable_set2("nfs_server_enable", "NO", 1);
|
||||
|
||||
if (self)
|
||||
msgConfirm("High security settings have been selected.\n\n"
|
||||
"This means that most \"popular\" network services and\n"
|
||||
|
@ -1607,7 +1607,8 @@ DMenu MenuSecurityProfile = {
|
||||
{ { "X Exit", "Exit this menu (returning to previous)", NULL, configSecurityModerate },
|
||||
{ "Low", "Fairly wide-open (little) security.", NULL, configSecurityLiberal },
|
||||
{ "Medium", "Moderate security settings [DEFAULT].", NULL, configSecurityModerate },
|
||||
{ "High", "Very restrictive security settings.", NULL, configSecurityFascist },
|
||||
{ "High", "Fairly safe security settings.", NULL, configSecurityHigh },
|
||||
{ "Extreme", "Very restrictive security settings.", NULL, configSecurityFascist },
|
||||
{ NULL } },
|
||||
};
|
||||
|
||||
|
@ -446,6 +446,7 @@ extern int configNFSServer(dialogMenuItem *self);
|
||||
extern int configWriteRC_conf(dialogMenuItem *self);
|
||||
extern int configSecurityProfile(dialogMenuItem *self);
|
||||
extern int configSecurityFascist(dialogMenuItem *self);
|
||||
extern int configSecurityHigh(dialogMenuItem *self);
|
||||
extern int configSecurityModerate(dialogMenuItem *self);
|
||||
extern int configSecurityLiberal(dialogMenuItem *self);
|
||||
|
||||
|