Remove security profiles from sysinstall. Currently, security profile

selection is used to drive two configuration parameters:

(1) Default enable/disable for sshd
(2) Default enable/disable for securelevels

Replace this with an explicit choice to enable/disable sshd.  A
follow-up commit will add a configuration option to the Security
post-install configuration menu to set the securelevel in rc.conf
explicitly.  This should reduce the level of foot-shooting associated
with accidental enabling of securelevels, make the nature and
implications of the securelevel configuration options more explicit,
as well as make the choice to enable/disable sshd more explicit.

Approved by:	re (scottl)

usr.sbin/sade/config.c

@@ -547,63 +547,6 @@ configSecurity(dialogMenuItem *self)
     return DITEM_SUCCESS;
 }
 
-int
-configSecurityProfile(dialogMenuItem *self)
-{
-    WINDOW *w = savescr();
-
-    dialog_clear_norefresh();
-    dmenuOpenSimple(&MenuSecurityProfile, FALSE); 
-    restorescr(w);
-    return DITEM_SUCCESS;
-}
-
-/* Use the most extreme security settings */
-int
-configSecurityExtreme(dialogMenuItem *self)
-{
-    WINDOW *w = savescr();
-
-    variable_set2("sshd_enable", "NO", 1);
-    variable_set2("kern_securelevel_enable", "YES", 1);
-    variable_set2("kern_securelevel", "2", 1);
-
-    if (self)
-	msgConfirm("Extreme security settings have been selected.\n\n"
-	    "Sshd has been disabled, and kernel security levels have"
-	    "been enabled.\n\n"
-	    "PLEASE NOTE that this still does not save you from having\n"
-	    "to properly secure your system in other ways or exercise\n"
-	    "due diligence in your administration, this simply picks\n"
-	    "a more secure set of out-of-box defaults to start with.\n\n"
-	    "To change any of these settings later, edit /etc/rc.conf");
-
-    restorescr(w);
-    return DITEM_SUCCESS;
-}
-
-int
-configSecurityModerate(dialogMenuItem *self)
-{
-    WINDOW *w = savescr();
-
-    variable_set2("sshd_enable", "YES", 1);
-    variable_set2("kern_securelevel_enable", "NO", 1);
-
-    if (self)
-	msgConfirm("Moderate security settings have been selected.\n\n"
-	    "Sshd has been enabled and kernel securelevels are disabled;\n"
-	    "all other settings have been left intact.\n\n"
-            "PLEASE NOTE that this still does not save you from having\n"
-            "to properly secure your system in other ways or exercise\n"
-            "due diligence in your administration, this simply picks\n"
-            "a standard set of out-of-box defaults to start with.\n\n"
-	    "To change any of these settings later, edit /etc/rc.conf");
-
-    restorescr(w);
-    return DITEM_SUCCESS;
-}
-
 static void
 write_root_xprofile(char *str)
 {

usr.sbin/sade/install.c

@@ -529,8 +529,6 @@ installExpress(dialogMenuItem *self)
 
     if (DITEM_STATUS((i = installCommit(self))) == DITEM_SUCCESS) {
 	i |= DITEM_LEAVE_MENU;
-	/* Set default security level */
-	configSecurityModerate(NULL);
 
 	/* Give user the option of one last configuration spree */
 	installConfigure();
@@ -621,6 +619,10 @@ installStandard(dialogMenuItem *self)
     if (!msgNoYes("Do you want to configure inetd and the network services that it provides?"))
         configInetd(self);
 
+    dialog_clear_norefresh();
+    if (!msgNoYes("Would you like to enable SSH login?"))
+	variable_set2("sshd_enable", "YES", 1);
+
     dialog_clear_norefresh();
     if (!msgNoYes("Do you want to have anonymous FTP access to this machine?"))
 	configAnonFTP(self);
@@ -633,12 +635,6 @@ installStandard(dialogMenuItem *self)
     if (!msgNoYes("Do you want to configure this machine as an NFS client?"))
 	variable_set2("nfs_client_enable", "YES", 1);
 
-    if (!msgNoYes("Do you want to select a default security profile for\n"
-	         "this host (select No for \"moderate\" security)?"))
-	configSecurityProfile(self);
-    else
-	configSecurityModerate(self);
-
 #ifdef WITH_SYSCONS
     dialog_clear_norefresh();
     if (!msgNoYes("Would you like to customize your system console settings?"))
@@ -720,9 +716,6 @@ installCustomCommit(dialogMenuItem *self)
 
     i = installCommit(self);
     if (DITEM_STATUS(i) == DITEM_SUCCESS) {
-	/* Set default security level */
-	configSecurityModerate(NULL);
-
 	/* Give user the option of one last configuration spree */
 	installConfigure();
 	return i;

usr.sbin/sade/menus.c

@@ -1469,7 +1469,7 @@ DMenu MenuNetworking = {
 	dmenuVarCheck,	configRouter, NULL, "router_enable=YES" },
       { " Rwhod",	"This machine wants to run the rwho daemon",
 	dmenuVarCheck,	dmenuToggleVariable, NULL, "rwhod_enable=YES" },
-      { " Sshd",	"This machine wants to run the ssh daemon",
+      { " SSHd",	"This machine wants to run the SSH daemon",
 	dmenuVarCheck,	dmenuToggleVariable, NULL, "sshd_enable=YES" },
       { " TCP Extensions", "Allow RFC1323 and RFC1644 TCP extensions?",
 	dmenuVarCheck,	dmenuToggleVariable, NULL, "tcp_extensions=YES" },
@@ -2229,8 +2229,6 @@ DMenu MenuSecurity = {
     NULL,
     { { "X Exit",      "Exit this menu (returning to previous)",
 	checkTrue, dmenuExit, NULL, NULL, '<', '<', '<' },
-      { " Security Profile",   "Select a security profile for the system",
-	NULL, configSecurityProfile },
 #if 0
       { " LOMAC",         "Use Low Watermark Mandatory Access Control at boot",
 	dmenuVarCheck,  dmenuToggleVariable, NULL, "lomac_enable=YES" },
@@ -2240,20 +2238,6 @@ DMenu MenuSecurity = {
       { NULL } },
 };
 
-DMenu MenuSecurityProfile = {
-    DMENU_NORMAL_TYPE | DMENU_SELECTION_RETURNS,
-    "Default system security profile",
-    "Each item in this list will set what it considers to\n"
-    "be \"appropriate\" values in that category for various\n"
-    "security-related knobs in /etc/rc.conf.",
-    "Select a canned security profile - F1 for help",
-    "security",						/* help file */
-    { { "X Exit",	"Exit this menu (returning to previous)", NULL, dmenuExit },
-      { "Moderate",	"Moderate security settings.", NULL, configSecurityModerate },
-      { "Extreme",	"Very restrictive security settings.", NULL, configSecurityExtreme },
-      { NULL } },
-};
-
 DMenu MenuFixit = {
     DMENU_NORMAL_TYPE,
     "Please choose a fixit option",

usr.sbin/sade/sade.h

@@ -452,7 +452,6 @@ extern DMenu		MenuMediaTape;		/* Tape media menu				*/
 extern DMenu		MenuNetworkDevice;	/* Network device menu				*/
 extern DMenu		MenuNTP;		/* NTP time server menu				*/
 extern DMenu		MenuSecurity;		/* System security options menu			*/
-extern DMenu		MenuSecurityProfile;	/* Security profile menu			*/
 extern DMenu		MenuStartup;		/* Startup services menu			*/
 #ifdef WITH_SYSCONS
 extern DMenu		MenuSyscons;		/* System console configuration menu		*/
@@ -532,9 +531,6 @@ extern int	configMTAPostfix(dialogMenuItem *self);
 extern int	configMTAExim(dialogMenuItem *self);
 extern int	configRpcBind(dialogMenuItem *self);
 extern int	configWriteRC_conf(dialogMenuItem *self);
-extern int	configSecurityProfile(dialogMenuItem *self);
-extern int	configSecurityExtreme(dialogMenuItem *self);
-extern int	configSecurityModerate(dialogMenuItem *self);
 extern int	configEtcTtys(dialogMenuItem *self);
 #ifdef __i386__
 extern int	checkLoaderACPI(void);

usr.sbin/sysinstall/config.c

@@ -547,63 +547,6 @@ configSecurity(dialogMenuItem *self)
     return DITEM_SUCCESS;
 }
 
-int
-configSecurityProfile(dialogMenuItem *self)
-{
-    WINDOW *w = savescr();
-
-    dialog_clear_norefresh();
-    dmenuOpenSimple(&MenuSecurityProfile, FALSE); 
-    restorescr(w);
-    return DITEM_SUCCESS;
-}
-
-/* Use the most extreme security settings */
-int
-configSecurityExtreme(dialogMenuItem *self)
-{
-    WINDOW *w = savescr();
-
-    variable_set2("sshd_enable", "NO", 1);
-    variable_set2("kern_securelevel_enable", "YES", 1);
-    variable_set2("kern_securelevel", "2", 1);
-
-    if (self)
-	msgConfirm("Extreme security settings have been selected.\n\n"
-	    "Sshd has been disabled, and kernel security levels have"
-	    "been enabled.\n\n"
-	    "PLEASE NOTE that this still does not save you from having\n"
-	    "to properly secure your system in other ways or exercise\n"
-	    "due diligence in your administration, this simply picks\n"
-	    "a more secure set of out-of-box defaults to start with.\n\n"
-	    "To change any of these settings later, edit /etc/rc.conf");
-
-    restorescr(w);
-    return DITEM_SUCCESS;
-}
-
-int
-configSecurityModerate(dialogMenuItem *self)
-{
-    WINDOW *w = savescr();
-
-    variable_set2("sshd_enable", "YES", 1);
-    variable_set2("kern_securelevel_enable", "NO", 1);
-
-    if (self)
-	msgConfirm("Moderate security settings have been selected.\n\n"
-	    "Sshd has been enabled and kernel securelevels are disabled;\n"
-	    "all other settings have been left intact.\n\n"
-            "PLEASE NOTE that this still does not save you from having\n"
-            "to properly secure your system in other ways or exercise\n"
-            "due diligence in your administration, this simply picks\n"
-            "a standard set of out-of-box defaults to start with.\n\n"
-	    "To change any of these settings later, edit /etc/rc.conf");
-
-    restorescr(w);
-    return DITEM_SUCCESS;
-}
-
 static void
 write_root_xprofile(char *str)
 {

usr.sbin/sysinstall/help/security.hlp

@@ -1,10 +0,0 @@
-Please see the FreeBSD FAQ for more detailed information on security
-profiles. The following table is intended to give you a rough idea just
-which services are enabled (or disabled) by each of the canned security
-profiles:
-
-               Extreme        Medium
-               -------        ------
-sendmail       NO             YES
-sshd           NO             YES
-securelevel    YES (2)        NO

usr.sbin/sysinstall/install.c

@@ -529,8 +529,6 @@ installExpress(dialogMenuItem *self)
 
     if (DITEM_STATUS((i = installCommit(self))) == DITEM_SUCCESS) {
 	i |= DITEM_LEAVE_MENU;
-	/* Set default security level */
-	configSecurityModerate(NULL);
 
 	/* Give user the option of one last configuration spree */
 	installConfigure();
@@ -621,6 +619,10 @@ installStandard(dialogMenuItem *self)
     if (!msgNoYes("Do you want to configure inetd and the network services that it provides?"))
         configInetd(self);
 
+    dialog_clear_norefresh();
+    if (!msgNoYes("Would you like to enable SSH login?"))
+	variable_set2("sshd_enable", "YES", 1);
+
     dialog_clear_norefresh();
     if (!msgNoYes("Do you want to have anonymous FTP access to this machine?"))
 	configAnonFTP(self);
@@ -633,12 +635,6 @@ installStandard(dialogMenuItem *self)
     if (!msgNoYes("Do you want to configure this machine as an NFS client?"))
 	variable_set2("nfs_client_enable", "YES", 1);
 
-    if (!msgNoYes("Do you want to select a default security profile for\n"
-	         "this host (select No for \"moderate\" security)?"))
-	configSecurityProfile(self);
-    else
-	configSecurityModerate(self);
-
 #ifdef WITH_SYSCONS
     dialog_clear_norefresh();
     if (!msgNoYes("Would you like to customize your system console settings?"))
@@ -720,9 +716,6 @@ installCustomCommit(dialogMenuItem *self)
 
     i = installCommit(self);
     if (DITEM_STATUS(i) == DITEM_SUCCESS) {
-	/* Set default security level */
-	configSecurityModerate(NULL);
-
 	/* Give user the option of one last configuration spree */
 	installConfigure();
 	return i;

usr.sbin/sysinstall/menus.c

@@ -1469,7 +1469,7 @@ DMenu MenuNetworking = {
 	dmenuVarCheck,	configRouter, NULL, "router_enable=YES" },
       { " Rwhod",	"This machine wants to run the rwho daemon",
 	dmenuVarCheck,	dmenuToggleVariable, NULL, "rwhod_enable=YES" },
-      { " Sshd",	"This machine wants to run the ssh daemon",
+      { " SSHd",	"This machine wants to run the SSH daemon",
 	dmenuVarCheck,	dmenuToggleVariable, NULL, "sshd_enable=YES" },
       { " TCP Extensions", "Allow RFC1323 and RFC1644 TCP extensions?",
 	dmenuVarCheck,	dmenuToggleVariable, NULL, "tcp_extensions=YES" },
@@ -2229,8 +2229,6 @@ DMenu MenuSecurity = {
     NULL,
     { { "X Exit",      "Exit this menu (returning to previous)",
 	checkTrue, dmenuExit, NULL, NULL, '<', '<', '<' },
-      { " Security Profile",   "Select a security profile for the system",
-	NULL, configSecurityProfile },
 #if 0
       { " LOMAC",         "Use Low Watermark Mandatory Access Control at boot",
 	dmenuVarCheck,  dmenuToggleVariable, NULL, "lomac_enable=YES" },
@@ -2240,20 +2238,6 @@ DMenu MenuSecurity = {
       { NULL } },
 };
 
-DMenu MenuSecurityProfile = {
-    DMENU_NORMAL_TYPE | DMENU_SELECTION_RETURNS,
-    "Default system security profile",
-    "Each item in this list will set what it considers to\n"
-    "be \"appropriate\" values in that category for various\n"
-    "security-related knobs in /etc/rc.conf.",
-    "Select a canned security profile - F1 for help",
-    "security",						/* help file */
-    { { "X Exit",	"Exit this menu (returning to previous)", NULL, dmenuExit },
-      { "Moderate",	"Moderate security settings.", NULL, configSecurityModerate },
-      { "Extreme",	"Very restrictive security settings.", NULL, configSecurityExtreme },
-      { NULL } },
-};
-
 DMenu MenuFixit = {
     DMENU_NORMAL_TYPE,
     "Please choose a fixit option",

usr.sbin/sysinstall/sysinstall.h

@@ -452,7 +452,6 @@ extern DMenu		MenuMediaTape;		/* Tape media menu				*/
 extern DMenu		MenuNetworkDevice;	/* Network device menu				*/
 extern DMenu		MenuNTP;		/* NTP time server menu				*/
 extern DMenu		MenuSecurity;		/* System security options menu			*/
-extern DMenu		MenuSecurityProfile;	/* Security profile menu			*/
 extern DMenu		MenuStartup;		/* Startup services menu			*/
 #ifdef WITH_SYSCONS
 extern DMenu		MenuSyscons;		/* System console configuration menu		*/
@@ -532,9 +531,6 @@ extern int	configMTAPostfix(dialogMenuItem *self);
 extern int	configMTAExim(dialogMenuItem *self);
 extern int	configRpcBind(dialogMenuItem *self);
 extern int	configWriteRC_conf(dialogMenuItem *self);
-extern int	configSecurityProfile(dialogMenuItem *self);
-extern int	configSecurityExtreme(dialogMenuItem *self);
-extern int	configSecurityModerate(dialogMenuItem *self);
 extern int	configEtcTtys(dialogMenuItem *self);
 #ifdef __i386__
 extern int	checkLoaderACPI(void);