svn commit: r314036 - head/usr.sbin/bsdinstall/scripts
Bartek Rutkowski
robak at FreeBSD.org
Tue Feb 21 09:37:35 UTC 2017
Author: robak (ports committer)
Date: Tue Feb 21 09:37:33 2017
New Revision: 314036
URL: https://svnweb.freebsd.org/changeset/base/314036
Log:
Enable bsdinstall hardening options by default.
As discussed previously, in order to introduce new OS hardening
defaults, we've added them to bsdinstall in 'off by default' mode.
It has been there for a while, so the next step is to change them
to 'on by default' mode, so that in future we could simply enable
them in base OS.
Reviewed by: brd
Approved by: adrian
Differential Revision: https://reviews.freebsd.org/D9641
Modified:
head/usr.sbin/bsdinstall/scripts/hardening
Modified: head/usr.sbin/bsdinstall/scripts/hardening
==============================================================================
--- head/usr.sbin/bsdinstall/scripts/hardening Tue Feb 21 09:33:21 2017 (r314035)
+++ head/usr.sbin/bsdinstall/scripts/hardening Tue Feb 21 09:37:33 2017 (r314036)
@@ -36,15 +36,15 @@ FEATURES=$( dialog --backtitle "FreeBSD
--title "System Hardening" --nocancel --separate-output \
--checklist "Choose system security hardening options:" \
0 0 0 \
- "0 hide_uids" "Hide processes running as other users" ${hide_uids:-off} \
- "1 hide_gids" "Hide processes running as other groups" ${hide_gids:-off} \
- "2 read_msgbuf" "Disable reading kernel message buffer for unprivileged users" ${read_msgbuf:-off} \
- "3 proc_debug" "Disable process debugging facilities for unprivileged users" ${proc_debug:-off} \
- "4 random_pid" "Randomize the PID of newly created processes" ${random_pid:-off} \
- "5 stack_guard" "Insert stack guard page ahead of the growable segments" ${stack_guard:-off} \
- "6 clear_tmp" "Clean the /tmp filesystem on system startup" ${clear_tmp:-off} \
- "7 disable_syslogd" "Disable opening Syslogd network socket (disables remote logging)" ${disable_syslogd:-off} \
- "8 disable_sendmail" "Disable Sendmail service" ${disable_sendmail:-off} \
+ "0 hide_uids" "Hide processes running as other users" ${hide_uids:-on} \
+ "1 hide_gids" "Hide processes running as other groups" ${hide_gids:-on} \
+ "2 read_msgbuf" "Disable reading kernel message buffer for unprivileged users" ${read_msgbuf:-on} \
+ "3 proc_debug" "Disable process debugging facilities for unprivileged users" ${proc_debug:-on} \
+ "4 random_pid" "Randomize the PID of newly created processes" ${random_pid:-on} \
+ "5 stack_guard" "Insert stack guard page ahead of the growable segments" ${stack_guard:-on} \
+ "6 clear_tmp" "Clean the /tmp filesystem on system startup" ${clear_tmp:-on} \
+ "7 disable_syslogd" "Disable opening Syslogd network socket (disables remote logging)" ${disable_syslogd:-on} \
+ "8 disable_sendmail" "Disable Sendmail service" ${disable_sendmail:-on} \
2>&1 1>&3 )
exec 3>&-
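Review bot: entries "7 disable_syslogd" and "8 disable_sendmail" are flipped to on together with the kernel-level options, but they switch services off rather than tighten a setting, and the label for entry 7 itself says it "disables remote logging". A user who accepts the checklist unchanged now ends up with both disabled, so consider leaving those two at ${disable_syslogd:-off} and ${disable_sendmail:-off}, or documenting the behaviour change alongside this commit, since the diff touches only the hardening script. The ${name:-on} form still honours a value set before the dialog runs, so a preset such as hide_uids=off keeps the old choice; a short comment above the checklist saying so would help anyone who wants to opt out.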