302 Commits

Author SHA1 Message Date
rwatson
d82a56b32d o Improve terminology consistency for security profile functionality:
the name for the moderate security profile is "moderate", not
  "medium", so update this one reference to it as "medium".

This is a 4.4-RELEASE MFC candidate.

MFC after:	2 days
2001-08-15 19:39:11 +00:00
rwatson
1e1af75f40 Compensate for default disabling of network services in inetd.conf(5)
by providing the opportunity to edit inetd.conf during the system
installation process.  The following modifications were made:

(1) Expand the Anonymous FTP description dialog to indicate that inetd
    and ftpd must be enabled before it can be used.

(2) Introduce a new configInetd() pair of dialogs, the first describing
    inetd, giving a couple of examples of services that require it, and
    hinting at potential risk, then asking the user if they wish to
    enable it.  The second indicates that inetd.conf must be configured
    to enable specific services, and asks if the user would like to
    load inetd.conf into the editor to modify it.  Add this
    configuration action to the index.

There are some further improvements that might be considered:

(1) Provide a more inetd.conf-specific configuration tool that speaks
    inetd.conf(5).  However, this is made difficult by the "yet another
    configuration format" nature of inetd.conf, as well as its use of
    commenting to disable services, rather than an in-syntax way to
    disable a service without commenting it out.  Submissions here
    would probably be welcome.

(2) There's some overlap between settings in the somewhat obtuse
    Security Profile mechanism and other settings, including the inetd
    setting, and NFS server configuration.  As features become
    individually tunable, they should probably be removed from the
    security profile mechanism.  Otherwise, somewhat counter-intuitively,
    sysinstall (in practice) queries multiple times whether inetd, nfsd,
    etc, should be enabled/disabled.  A possible future direction might
    be to drive profiles not by degree of paranoia, rather, the set
    of services desired.  Or simply to remove the Security Profile
    mechanism and resort to feature-driven configuration.

Reviewed by:	imp, chris, jake, nate, -arch, -stable
2001-08-02 03:25:16 +00:00
ache
41f378ca9e Add ability to configure console terminal type in /etc/ttys
Reviewed by:	audit, jkh's silence
2001-07-17 04:09:50 +00:00
brian
8636b161b3 Fix the type of the NULL arg to execl()
Idea from: Theo de Raadt <deraadt@openbsd.org>
2001-07-09 09:24:06 +00:00
dd
539769a080 Bring back part of rev. 1.296 I accidentally reverted in the previous
commit.
2001-07-02 00:24:23 +00:00
dd
4a798fb83a Introduce DEVICE_INIT, DEVICE_GET, and DEVICE_SHUTDOWN macros. As the
names suggest, they perform methods on Device's.  In addition, they
check that the pointer passed to them is valid; if it isn't, they
pretend that the action failed.  This fixes some crashes due to NULL
dereferences (e.g., PR 26509).

Approved by:	jkh (some time ago)
2001-07-02 00:18:04 +00:00
nik
456c123190 Various changes to the messages so that they are now appropriate for both
CD and DVD releases of FreeBSD.
2001-06-27 17:48:43 +00:00
ru
8094d979ca - sys/msdosfs moved to sys/fs/msdosfs
- msdos.ko renamed to msdosfs.ko
- /usr/include/msdosfs moved to /usr/include/fs/msdosfs
2001-05-25 08:14:14 +00:00
jkh
3e353602c3 Make /compat a relative symlink instead of an absolute symlink.
Requested by:	jens
2001-05-19 19:08:56 +00:00
obrien
d79c544fc3 Mirror the newfs(8) defaults change I made in rev 1.33 of newfs.c where
I made `22' the default number of cylinders per group.
2001-03-27 17:05:23 +00:00
jkh
d0e4625beb Switch from lynx to "links" as the default doc browser.
Submitted by:	jim
2001-03-23 07:53:45 +00:00
jkh
bfe50892f1 Allow a script-using to disable the emergency holographic shell as
a security measure.

Requested by:	"David E. Cross" <crossd@enterprise.cs.rpi.edu>
2001-03-12 21:26:06 +00:00
jkh
e6899b0da5 Support setting soft updates from the label editor.
2001-03-10 19:51:04 +00:00
jkh
fd2808ffad Fix an informational message a little and properly check status of a yes/no
question which I bollicked up in my previous commit.
2000-12-16 05:36:10 +00:00
jkh
c8394629dc Adapt sysinstall to use the new msgNoYes() function which assumes
no as a default.  Sysinstall should be both less dangerous and less
annoying as a result of this change, though that's just my opinion
(since they're the defaults which annoy ME the least :).
2000-12-14 02:49:02 +00:00
kuriyama
3c81a4fab0 Remove extra ")".
2000-11-23 08:09:45 +00:00
truckman
ba9ae7c4f7 Back out change to prepend /sbin:/bin to $PATH, just overwrite $PATH
with these in the normal case.

Set MAKEDEVPATH in sysinstall to include the /mnt2 stuff before starting
the fixit shell.
2000-11-05 17:59:29 +00:00
jkh
34665aef12 Changes have been made to support a concept of VAR_FIXIT_TTY being
standard or serial.  This change needs to be done to the entire system that
depends on this.  This way we don't have some code using OnVTY checks
and others doing
        strcmp(variable_get(VAR_FIXIT_TTY), "standard") == 0
checks.  Also we need to set VAR_FIXIT_TTY to "serial" if we come up on
a serial console.

Also fixed a dialog problem in that dialog was used when dialog was
disabled causing some troubles such as not letting the cursor keys
work when exiting the fixit mode on media (ie. not the fixit shell but
for example fixit on a floppy).

Submitted by:	Doug Ambrisko <ambrisko@whistle.com>
PR:		22352
2000-10-30 23:46:12 +00:00
jkh
3b75778735 If user selects no distributions at all, assume "User" as
a default.  This should prevent people from whacking return at
the Distributions menu and getting nothing selected as a result
(a minimal "standard" system will at least install).

Flagged as big tech support headache by: Chris Shumway <cshumway@osd.bsdi.com>
2000-10-05 18:02:09 +00:00
jkh
4a01729c28 Adjust for new location and name of kernel.
PR:		21423
Reported by:	Makoto MATSUSHITA <matusita@jp.FreeBSD.org>
2000-09-29 07:47:19 +00:00
jkh
74e251e27d Fix a small bogon with a boolean yes/no question check.
2000-09-25 07:15:19 +00:00
jkh
197520a6f5 One small tweak on the security profile code; don't be verbose if
setting up default values for an express/custom install.  It would
be confusing to see the informational popup completely out of context.
2000-09-24 06:44:00 +00:00
jkh
1d57918341 One whack at the idea of having "security profiles" which select the
appropriate(?) defaults for "low", "medium" and "high" security
environments.  Medium is basically what we currently have with a little
seat-belt tightening where it made sense.  Low is the same as medium but
without the tightening.  High is positively fascist with nothing turned
on by default and an automatic call to 911 if it can find a modem.
2000-09-22 19:12:41 +00:00
jkh
48a226d4c8 MFS: sync with -stable by removing the now-vestigial X_AS_PKG stuff.
2000-09-07 16:05:52 +00:00
jkh
534da91803 Terminate, with extreme prejudice, the USAResident hack which
does bad things to /etc/make.conf in certain situations.  Also
soften the "don't install crypto from the USA!" messages since,
except for RSA (which is still noted), that's not so true anymore.
2000-07-24 18:00:16 +00:00
jkh
c0840074ea Add a terminal entry for xterm; a lot of people are using xterms
in the serial-installation of FreeBSD.
2000-07-21 20:45:56 +00:00
obrien
1edbe25abe Allow the Fix-it functionality to detect that we are on a serial console,
and DTRT rather than start the fixit shell on a non-existent vty.

PR:	19837
Submitted by:	Doug Ambrisko <ambrisko@whistle.com>
Approved by:	JKH
2000-07-18 09:14:06 +00:00
ume
7d6550f688 IPv6 support.
IPv6 configuration is only done by rtsol.  Does someone really
need manual configuration? :-)
You can specify IPv6 DNS server as well.
We have only one server ftp7.jp.freebsd.org that speaks IPv6
at this time.  ftp7.jp speaks IPv4 as well and is also listed as
Japan #7.

Approved by:	jkh
2000-07-14 08:33:10 +00:00
msmith
882dea157b Finish the /dev/rXXX removal job. With the libdisk fixes, this should
actually work again.
2000-05-31 00:57:48 +00:00
obrien
406f1714db Add an option to select the Fix-it tty. The current behavior is utterly
*useless* on serial consoled machines.
2000-05-16 22:05:32 +00:00
jhb
1ec3688bd0 Add support for USB to sysinstall. This includes running usbd and
setting 'usbd_enable' in rc.conf during new installs if USB is detected.
Also, since usbd already handles USB mice automatically, note that the
mouse setup section in sysinstall only applies to non-USB mice.
2000-05-12 03:01:17 +00:00
jkh
e8abb5e850 Sigh, it would have been nice but I just can't make the rsaref
hack work until we figure out some better way of handling package
interaction.
2000-03-18 20:14:58 +00:00
jkh
1ed162731b We still need a hack for rsaref package; add it. This doesn't
affect CDs since they don't contain the rsaref package anyway.
2000-03-18 08:46:23 +00:00
jkh
959970ff2c Make the "can't find an rsafoo package" messages more informative.
2000-03-18 07:20:50 +00:00
jkh
f5f929f515 Remove PkgInteractive hack - it won't work like this.
2000-03-12 03:57:26 +00:00
jkh
a001dc9f6e s/chose/choose/ in all the relevant places.
Noticed by:	John Reynolds <jjreynold@home.com>
2000-03-10 19:53:53 +00:00
jkh
8905bd306e o Add support for loading the rsaref or rsaintl packages, depending
on locale.

o Allow use of "G" in label editor to stand for gigabytes. This
  is actually an unrelated patch which I meant to commit separately
  but what the heck, it's late.

Partially submitted by:	phk
2000-02-29 10:40:59 +00:00
jkh
602f6c1a70 Revise this for the brave new world of "crypto"
Submitted by:	markm
Approved by:	me!
2000-02-29 09:09:36 +00:00
jkh
cee74ce389 If user says they're in the USA, record that fact in /etc/make.conf
2000-02-19 23:22:22 +00:00
jkh
1bc21e6863 no need to fix moused setting here; fix in defaults
2000-02-19 13:05:14 +00:00
jkh
d496b16406 Whoops, forgot to delete the ! operator in the reversed conditional
for anonftp.  Fix.
2000-02-19 12:42:03 +00:00
jkh
b2280568bf Invert the meaning of two questions in the Standard installation so just
whapping "Yes" by default does not turn you into an anonymous FTP-supporting
gateway machine.  Those aren't the right "defaults."
2000-02-18 18:33:15 +00:00
jkh
44c4a7d34d Don't call it a Novice install, call it Standard.
Also say thousands of packages, not hundreds.
2000-02-18 07:09:45 +00:00
obrien
3005c00a64 * add SVR4 and OSF/1 enabling in the Start Up config menu
* deals with X11 install when all we have is the Port (such as on the Alpha)

Ok'ed by:	JKH
2000-01-18 15:50:23 +00:00
jkh
d686cb2f42 MFC: can't stop tweaking this compulsively.
1999-12-19 07:02:46 +00:00
jkh
b844608749 cosmetics missed in last commit.
1999-12-19 06:50:44 +00:00
jkh
38d1286e58 In retrospect, msgNotify() should leave its contents on the screen
longer to give the user something to look at while things are happening.
Change it to do so and insert the appropriate screen saves elsewhere.
1999-12-17 02:46:04 +00:00
jkh
61075c3a9d Put up some more helpful dialog boxes.
Adjust some text to make more sense.
1999-12-15 01:30:52 +00:00
jkh
d3944eb60a Completely rip-out and redesign sysinstall's refresh model as well
as redoing all the menus to have proper, or at least non-hallucinogenic,
keyboard accelerators.

This requires my recent update to libdialog to work properly and will
probably also exhibit some other "interesting" behavior while the last
few missing screen clears are found (which is why I'm not going to MFC
immediately).  At least now, however, sysinstall does not gratuitously
redraw random screens at the drop of a hat and drive serial console
installers out of their minds.
1999-12-14 04:25:29 +00:00
jkh
5dc2695cfc I shouldn't have incremented PART_OFF; it was wrong and broke label
display to boot.  Also fix some various warning fluff while I'm in
here cleaning up.
1999-12-12 04:58:02 +00:00