f6b6e5ea40
o Re-run through /etc/sysctl.conf a second time just before we set the securelevel. Approved by: markm (mentor) (implicit) Reviewed by: dougb
61 lines
1.3 KiB
Bash
Executable File
61 lines
1.3 KiB
Bash
Executable File
#!/bin/sh
|
|
#
|
|
# $NetBSD: securelevel,v 1.4 2002/03/22 04:34:00 thorpej Exp $
|
|
# $FreeBSD$
|
|
#
|
|
|
|
# PROVIDE: securelevel
|
|
# REQUIRE: aftermountlkm ipnat mountd
|
|
# BEFORE: DAEMON
|
|
# KEYWORD: FreeBSD NetBSD
|
|
|
|
. /etc/rc.subr
|
|
|
|
name="securelevel"
|
|
start_cmd="securelevel_start"
|
|
stop_cmd=":"
|
|
|
|
securelevel_start()
|
|
{
|
|
# Last chance to set sysctl variables that failed the first time.
|
|
#
|
|
/etc/rc.d/sysctl lastload
|
|
|
|
case ${OSTYPE} in
|
|
FreeBSD)
|
|
case ${kern_securelevel_enable} in
|
|
[Yy][Ee][Ss])
|
|
if [ ${kern_securelevel} -ge 0 ]; then
|
|
echo 'Raising kernel security level: '
|
|
${SYSCTL_W} kern.securelevel=${kern_securelevel}
|
|
fi
|
|
;;
|
|
esac
|
|
;;
|
|
NetBSD)
|
|
# if $securelevel is set higher, change it here, else if
|
|
# it is 0, change it to 1 here, before we start daemons
|
|
# or login services.
|
|
#
|
|
osecurelevel=`sysctl -n kern.securelevel`
|
|
if [ -n "$securelevel" -a "$securelevel" != "$osecurelevel" ]; then
|
|
if [ "$securelevel" -lt "$osecurelevel" ]; then
|
|
echo "Can't lower securelevel."
|
|
exit 1
|
|
else
|
|
echo -n "Setting securelevel: "
|
|
${SYSCTL_W} kern.securelevel=$securelevel
|
|
fi
|
|
else
|
|
if [ "$osecurelevel" = 0 ]; then
|
|
echo -n "Setting securelevel: "
|
|
${SYSCTL_W} kern.securelevel=1
|
|
fi
|
|
fi
|
|
;;
|
|
esac
|
|
}
|
|
|
|
load_rc_config $name
|
|
run_rc_command "$1"
|