all facilities that previously relied on /proc have been rewritten
to use ptrace(). procfs has presented a substantial security
hazard for years, with several user->root compromises in the last
few years. Procfs will continue to be available but will require
administrator intervention to use.
Reviewed by: scottl, jedgar, mike, tmm
o Move nfs_reserved_port_only out of security profiles (where it was
set somewhat improperly) to the Security options menu directly.
Previously, the variable was set to true for Moderate, but not for
Extreme, which is at best inconsistent.
o Update the Security Profiles help file to remove reference to the
NFS reserved port.
o Note that the kernel currently defaults the sysctl to '0', but
sysinstall has changed it to '1' as a default as of late; however,
rc.conf sets the value to NO as the default. This change brings
them relatively into sync.
Sponsored by: DARPA, NAI Labs
and pull configSecurityProfile under that menu. Add a menu option
to determine whether LOMAC is enabled at boot. Probably, eventually,
many of the 'Security Profile' menu choices should be pulled out
independently into the Security Menu, so as to make them individually
selectable.
Sponsored by: DARPA, NAI Labs
Add a timestamp to the comment so that it's possible to see when
changes were made.
e.g.:
# -- sysinstall generated deltas -- # Wed Aug 15 18:10:20 2001
conservative default, and actually prompt specifically for inetd rather
than handling it as a side effect of the security profile. Update the
help file to reflect this change.
o Rename "Fascist" to "Extreme" in the source code, to match the names
presented to the user.
o Remove portmap and inetd from profile management. Portmap is now
disabled by default, but automatically turned on if a feature requires
it (such as NFS, etc).
This is an MFC candidate for 4.4-RELEASE.
Reviewed by: freebsd-arch@FreeBSD.org
Approved by: re@FreeBSD.org
MFC after: 2 days
post-install config, reduce the potential confusion from the existence
of both configTTYs and configTtys by renaming configTTYs to
configEtcTtys. While this is not a C naming conflict, it was probably
a poor choice of names on my part.
system installation process. This allows users installing via serial
console to enable serial console login during the installation
process using an un-customized install. The user is not prompted to
modify /etc/ttys during a normal install, but is offered the
opportunity during post-install configuration.
- Introduce configTTYs(), which describes the benefits of editing
/etc/ttys, and asks for confirmation before spawning the editor.
- add configTTYs to the post-install configuration, as well as to
the global configuration index.
by providing the opportunity to edit inetd.conf during the system
installation process. The following modifications were made:
(1) Expand the Anonymous FTP description dialog to indicate that inetd
and ftpd must be enabled before it can be used.
(2) Introduce a new configInetd() pair of dialogs, the first describing
inetd, giving a couple of examples of services that require it, and
hinting at potential risk, then asking the user if they wish to
enable it. The second indicates that inetd.conf must be configured
to enabled specific services, and asks if the user would like to
load inetd.conf into the editor to modify it. Add this
configuration action to the index.
There are some further improvements that might be considered:
(1) Provide a more inetd.conf-specific configuration tool that speaks
inetd.conf(5). However, this is made difficult by the "yet another
configuration format" nature of inetd.conf, as well as its use of
commenting to disable services, rather than an in-syntax way to
disable a service without commenting it out. Submissions here
would probably be welcome.
(2) There's some overlap between settings in the somewhat obtuse
Security Profile mechanism and other settings, including the inetd
setting, and NFS server configuration. As features become
individually tunable, they should probably be removed from the
security profile mechanism. Otherwise, somewhat counter-intuitively,
sysinstall (in practice) queries multiple times whether inetd, nfsd,
etc, should be enabled/disabled. A possible future direction might
be to drive profiles not by degree of paranoia, rather, the set
of services desired. Or simply to remove the Security Profile
mechanism and resort to feature-driven configuration.
Reviewed by: imp, chris, jake, nate, -arch, -stable
1. Has a time-stamp to show when it was created
2. Sorts and uniq's the output to only contain single instances of a
given setting. This doesn't mean you still can't have settings which
override one another, that's still possible since it's too much
trouble to do the redundancy checking here.
Requested by: lots of people
and also obey most of the rules of english in their construction.
Add a help screen for the security menu which gives the user a rough idea
just what the various security profiles do.
rename the previous one to indicate that it's not just high, it's
extreme (everything off, secure level raised).
Submitted mostly by: Tony Finch <dot@dotat.at>
Approved by: jkh
Write kern_securelevel_enable variable to rc.conf if user selects
medium or low security in sysinstall. This overrides the case where a
user selects fascist security and then tries to go back to a lower
setting.
appropriate(?) defaults for "low", "medium" and "high" security
environments. Medium is basically what we currently have with a little
seat-belt tightening where it made sense. Low is the same as medium but
without the tightening. High is positively fascist with nothing turned
on by default and an automatic call to 911 if it can find a modem.
Make sysinstall override this on install, so the effective behavioural
change for a newly installed system is null. Overall, this makes a system
with an empty /etc/rc.conf not run any network services, and makes the
FreeBSD-provided network services that are running visible in /etc/rc.conf
(instead of making people look through /etc/defaults/rc.conf to find the
things they need to disable to secure the system.)
Reviewed by: jhb
Discussed with: The usual cabal
does bad things to /etc/make.conf in certain situations. Also
soften the "don't install crypto from the USA!" messages since,
except for RSA (which is still noted), that's not so true anymore.
IPv6 configuration is only done by rtsol. Does someone really
need manual configuration? :-)
You can specify IPv6 DNS server as well.
We have only one server ftp7.jp.freebsd.org that speaks IPv6
in this time. ftp7.jp speaks IPv4 as well and also listed as
Japan #7.
Approved by: jkh
be detected by netscape and such.
PR: bin/17659
Submitted by: Murray Stokelay <murray@cdrom.com>
Approved by: jkh
jkh made updates that conflict with the submitters patch, so I updated
accordingly, any mistakes are mine, not the submitters.
as redoing all the menus to have proper, or at least non-hallucinogenic,
keyboard accelerators.
This requires my recent update to libdialog to work properly and will
probably also exhibit some other "interesting" behavior while the last
few missing screen clears are found (which is why I'm not going to MFC
immediately). At least now, however, sysinstall does not gratuitously
redraw random screens at the drop of a hat and drive serial console
installers out of their minds.
I backed-out the changes in -current and didn't touch stable at all (I
thought I had my patch order reversed, not what actually happened).
AIEEE! I can't even blame the crack for this one since I broke my
crack pipe a few weeks ago. I think sleep deprivation gets the blame
for this one.
Medal for noticing this one goes to: Jim Bloom <bloom@acm.org>
bringing in DHCP support. The only thing I left out were Poul-Henning's
newfs changes since I'm not sure if he's brought the rest of that support
into -stable yet. If it turns out that this is the case, I'll MFC those
changes too.
on CDs and FTP sites.
o Collapse some redundant code.
o Fix typo'd menu.
o Restrict searches properly to packages rather than categories.
o Small tweaks to signal handling.
All RELENG_3 candidates.
feature of packages now so that no version info is embedded.
o Add a default X desktop menu offering afterstep, enlightenment, KDE, GNOME
and Windowmaker desktops instead of the boring twm(1) based one if the
user so chooses. This will require a little testing.
Now we know which variables are internal and which need to be
backed to /etc/rc.conf.site. rc.conf is not touched now.
Also kget kernel change information back properly and set up a loader.rc
file to use it.
o Move fixups into extraction routine so all consumers don't have to duplicate
the right behavior.
o Make some things more orthogonal (just for asthetics sake)
o Add option to go back and do it again if XF86Setup fails (possibly with
a different setup - this one has always annoyed me).