Add a Securelevel sub-menu to the Security configuration menu,

permitting the administrator to select a securelevel top operate
at.  Include a helpfile summarizing some of the information from
init(8).  This allows for explicit configuration of securelevels,
which was previously implicit in Security Profile selection.
Currently, there are no checkboxes for the active securelevel,
because sysinstall's facilities for deriving "current settings"
from rc.conf may use only one variable, not two, and I opted for
the simplest approach at this point.

Approved by:	re (scottl)
This commit is contained in:
rwatson 2003-11-29 21:44:51 +00:00
parent 946a19bc52
commit f02bee695e
7 changed files with 190 additions and 0 deletions

View File

@ -536,6 +536,52 @@ configOSF1(dialogMenuItem *self)
}
#endif
int
configSecurelevel(dialogMenuItem *self)
{
WINDOW *w = savescr();
dialog_clear_norefresh();
dmenuOpenSimple(&MenuSecurelevel, FALSE);
restorescr(w);
return DITEM_SUCCESS;
}
int
configSecurelevelDisabled(dialogMenuItem *self)
{
variable_set2("kern_securelevel_enable", "NO", 1);
return DITEM_SUCCESS;
}
int
configSecurelevelSecure(dialogMenuItem *self)
{
variable_set2("kern_securelevel_enable", "YES", 1);
variable_set2("kern_securelevel", "1", 1);
return DITEM_SUCCESS;
}
int
configSecurelevelHighlySecure(dialogMenuItem *self)
{
variable_set2("kern_securelevel_enable", "YES", 1);
variable_set2("kern_securelevel", "2", 1);
return DITEM_SUCCESS;
}
int
configSecurelevelNetworkSecure(dialogMenuItem *self)
{
variable_set2("kern_securelevel_enable", "YES", 1);
variable_set2("kern_securelevel", "3", 1);
return DITEM_SUCCESS;
}
int
configSecurity(dialogMenuItem *self)
{

View File

@ -2229,6 +2229,8 @@ DMenu MenuSecurity = {
NULL,
{ { "X Exit", "Exit this menu (returning to previous)",
checkTrue, dmenuExit, NULL, NULL, '<', '<', '<' },
{ " Securelevel", "Configure securelevels for the system",
NULL, configSecurelevel },
#if 0
{ " LOMAC", "Use Low Watermark Mandatory Access Control at boot",
dmenuVarCheck, dmenuToggleVariable, NULL, "lomac_enable=YES" },
@ -2238,6 +2240,28 @@ DMenu MenuSecurity = {
{ NULL } },
};
DMenu MenuSecurelevel = {
DMENU_NORMAL_TYPE | DMENU_SELECTION_RETURNS,
"Securelevel Configuration Menu",
"This menu allows you to select the securelevel your system runs with.\n"
"When operating at a securelevel, certain root privileges are disabled,\n"
"which may increase resistance to exploits and protect system integrity.\n"
"In secure mode system flags may not be overriden by the root user,\n"
"access to direct kernel memory is limited, and kernel modules may not\n"
"be changed. In highly secure mode, mounted file systems may not be\n"
"modified on-disk, tampering with the system clock is prohibited. In\n"
"network secure mode configuration changes to firwalling are prohibited.\n",
"Select a securelevel to operate at - F1 for help",
"securelevel",
{ { "X Exit", "Exit this menu (returning to previous)",
checkTrue, dmenuExit, NULL, NULL, '<', '<', '<' },
{ "Disabled", "Disable securelevels", NULL, configSecurelevelDisabled, },
{ "Secure", "Secure mode", NULL, configSecurelevelSecure },
{ "Highly Secure", "Highly secure mode", NULL, configSecurelevelHighlySecure },
{ "Network Secure", "Network secure mode", NULL, configSecurelevelNetworkSecure },
{ NULL } }
};
DMenu MenuFixit = {
DMENU_NORMAL_TYPE,
"Please choose a fixit option",

View File

@ -143,6 +143,7 @@
#define VAR_IPADDR "ipaddr"
#define VAR_IPV6_ENABLE "ipv6_enable"
#define VAR_IPV6ADDR "ipv6addr"
#define VAR_KERN_SECURELEVEL "kern_securelevel"
#define VAR_KEYMAP "keymap"
#define VAR_LABEL "label"
#define VAR_LABEL_COUNT "labelCount"
@ -452,6 +453,7 @@ extern DMenu MenuMediaTape; /* Tape media menu */
extern DMenu MenuNetworkDevice; /* Network device menu */
extern DMenu MenuNTP; /* NTP time server menu */
extern DMenu MenuSecurity; /* System security options menu */
extern DMenu MenuSecurelevel; /* Securelevel menu */
extern DMenu MenuStartup; /* Startup services menu */
#ifdef WITH_SYSCONS
extern DMenu MenuSyscons; /* System console configuration menu */
@ -531,6 +533,11 @@ extern int configMTAPostfix(dialogMenuItem *self);
extern int configMTAExim(dialogMenuItem *self);
extern int configRpcBind(dialogMenuItem *self);
extern int configWriteRC_conf(dialogMenuItem *self);
extern int configSecurelevel(dialogMenuItem *self);
extern int configSecurelevelDisabled(dialogMenuItem *self);
extern int configSecurelevelSecure(dialogMenuItem *self);
extern int configSecurelevelHighlySecure(dialogMenuItem *self);
extern int configSecurelevelNetworkSecure(dialogMenuItem *self);
extern int configEtcTtys(dialogMenuItem *self);
#ifdef __i386__
extern int checkLoaderACPI(void);

View File

@ -536,6 +536,52 @@ configOSF1(dialogMenuItem *self)
}
#endif
int
configSecurelevel(dialogMenuItem *self)
{
WINDOW *w = savescr();
dialog_clear_norefresh();
dmenuOpenSimple(&MenuSecurelevel, FALSE);
restorescr(w);
return DITEM_SUCCESS;
}
int
configSecurelevelDisabled(dialogMenuItem *self)
{
variable_set2("kern_securelevel_enable", "NO", 1);
return DITEM_SUCCESS;
}
int
configSecurelevelSecure(dialogMenuItem *self)
{
variable_set2("kern_securelevel_enable", "YES", 1);
variable_set2("kern_securelevel", "1", 1);
return DITEM_SUCCESS;
}
int
configSecurelevelHighlySecure(dialogMenuItem *self)
{
variable_set2("kern_securelevel_enable", "YES", 1);
variable_set2("kern_securelevel", "2", 1);
return DITEM_SUCCESS;
}
int
configSecurelevelNetworkSecure(dialogMenuItem *self)
{
variable_set2("kern_securelevel_enable", "YES", 1);
variable_set2("kern_securelevel", "3", 1);
return DITEM_SUCCESS;
}
int
configSecurity(dialogMenuItem *self)
{

View File

@ -0,0 +1,36 @@
This menu allows you to configure the Securelevel mechanism in FreeBSD.
Securelevels may be used to limit the privileges assigned to the
root user in multi-user mode, which in turn may limit the effects of
a root compromise, at the cost of reducing administrative functions.
Refer to the init(8) manual page for complete details.
-1 Permanently insecure mode - always run the system in level 0 mode.
This is the default initial value.
0 Insecure mode - immutable and append-only flags may be turned off.
All devices may be read or written subject to their permissions.
1 Secure mode - the system immutable and system append-only flags may
not be turned off; disks for mounted file systems, /dev/mem, and
/dev/kmem may not be opened for writing; kernel modules (see
kld(4)) may not be loaded or unloaded.
2 Highly secure mode - same as secure mode, plus disks may not be
opened for writing (except by mount(2)) whether mounted or not.
This level precludes tampering with file systems by unmounting
them, but also inhibits running newfs(8) while the system is multi-
user.
In addition, kernel time changes are restricted to less than or
equal to one second. Attempts to change the time by more than this
will log the message ``Time adjustment clamped to +1 second''.
3 Network secure mode - same as highly secure mode, plus IP packet
filter rules (see ipfw(8) and ipfirewall(4)) cannot be changed and
dummynet(4) configuration cannot be adjusted.
Securelevels must be used in combination with careful system design and
application of protective mechanisms to prevent system configuration
files from being modified in a way that compromises the protections of
the securelevel variable upon reboot.

View File

@ -2229,6 +2229,8 @@ DMenu MenuSecurity = {
NULL,
{ { "X Exit", "Exit this menu (returning to previous)",
checkTrue, dmenuExit, NULL, NULL, '<', '<', '<' },
{ " Securelevel", "Configure securelevels for the system",
NULL, configSecurelevel },
#if 0
{ " LOMAC", "Use Low Watermark Mandatory Access Control at boot",
dmenuVarCheck, dmenuToggleVariable, NULL, "lomac_enable=YES" },
@ -2238,6 +2240,28 @@ DMenu MenuSecurity = {
{ NULL } },
};
DMenu MenuSecurelevel = {
DMENU_NORMAL_TYPE | DMENU_SELECTION_RETURNS,
"Securelevel Configuration Menu",
"This menu allows you to select the securelevel your system runs with.\n"
"When operating at a securelevel, certain root privileges are disabled,\n"
"which may increase resistance to exploits and protect system integrity.\n"
"In secure mode system flags may not be overriden by the root user,\n"
"access to direct kernel memory is limited, and kernel modules may not\n"
"be changed. In highly secure mode, mounted file systems may not be\n"
"modified on-disk, tampering with the system clock is prohibited. In\n"
"network secure mode configuration changes to firwalling are prohibited.\n",
"Select a securelevel to operate at - F1 for help",
"securelevel",
{ { "X Exit", "Exit this menu (returning to previous)",
checkTrue, dmenuExit, NULL, NULL, '<', '<', '<' },
{ "Disabled", "Disable securelevels", NULL, configSecurelevelDisabled, },
{ "Secure", "Secure mode", NULL, configSecurelevelSecure },
{ "Highly Secure", "Highly secure mode", NULL, configSecurelevelHighlySecure },
{ "Network Secure", "Network secure mode", NULL, configSecurelevelNetworkSecure },
{ NULL } }
};
DMenu MenuFixit = {
DMENU_NORMAL_TYPE,
"Please choose a fixit option",

View File

@ -143,6 +143,7 @@
#define VAR_IPADDR "ipaddr"
#define VAR_IPV6_ENABLE "ipv6_enable"
#define VAR_IPV6ADDR "ipv6addr"
#define VAR_KERN_SECURELEVEL "kern_securelevel"
#define VAR_KEYMAP "keymap"
#define VAR_LABEL "label"
#define VAR_LABEL_COUNT "labelCount"
@ -452,6 +453,7 @@ extern DMenu MenuMediaTape; /* Tape media menu */
extern DMenu MenuNetworkDevice; /* Network device menu */
extern DMenu MenuNTP; /* NTP time server menu */
extern DMenu MenuSecurity; /* System security options menu */
extern DMenu MenuSecurelevel; /* Securelevel menu */
extern DMenu MenuStartup; /* Startup services menu */
#ifdef WITH_SYSCONS
extern DMenu MenuSyscons; /* System console configuration menu */
@ -531,6 +533,11 @@ extern int configMTAPostfix(dialogMenuItem *self);
extern int configMTAExim(dialogMenuItem *self);
extern int configRpcBind(dialogMenuItem *self);
extern int configWriteRC_conf(dialogMenuItem *self);
extern int configSecurelevel(dialogMenuItem *self);
extern int configSecurelevelDisabled(dialogMenuItem *self);
extern int configSecurelevelSecure(dialogMenuItem *self);
extern int configSecurelevelHighlySecure(dialogMenuItem *self);
extern int configSecurelevelNetworkSecure(dialogMenuItem *self);
extern int configEtcTtys(dialogMenuItem *self);
#ifdef __i386__
extern int checkLoaderACPI(void);