FreeBSD Bugzilla – Attachment 243669 Details for
Bug 236410
Settings not being remembered in System Hardening menu during installation.
0001-hardening-remember-the-answers-to-each-item.patch (text/plain), 2.54 KB, created by Pierre Pronchery on 2023-07-28 16:22:36 UTC
>From 6b11c65693c86c7f3e46be16de7877ffb662bba5 Mon Sep 17 00:00:00 2001 >From: Pierre Pronchery <pierre@freebsdfoundation.org> >Date: Fri, 28 Jul 2023 18:19:21 +0200 >Subject: [PATCH] hardening: remember the answers to each item > >With this change, the settings for all 9 possible hardening options are >remembered when re-entering this menu. > >PR: #236410 >Sponsored by: The FreeBSD Foundation >--- > scripts/hardening | 28 +++++++++++++++++++++++++--- > 1 file changed, 25 insertions(+), 3 deletions(-) > >diff --git a/scripts/hardening b/scripts/hardening >index 99ffe18..019b51e 100755 >--- a/scripts/hardening >+++ b/scripts/hardening 
>@@ -32,9 +32,31 @@ > > : ${BSDDIALOG_OK=0} > >-echo -n > $BSDINSTALL_TMPETC/rc.conf.hardening >-echo -n > $BSDINSTALL_TMPETC/sysctl.conf.hardening >-echo -n > $BSDINSTALL_TMPBOOT/loader.conf.hardening >+# make sure the target files exist >+touch $BSDINSTALL_TMPETC/rc.conf.hardening >+touch $BSDINSTALL_TMPETC/sysctl.conf.hardening >+touch $BSDINSTALL_TMPBOOT/loader.conf.hardening >+ >+# load the current settings >+hide_uids=$(grep -q '^security\.bsd\.see_other_uids=0$' $BSDINSTALL_TMPETC/sysctl.conf.hardening && echo on) >+hide_gids=$(grep -q '^security\.bsd\.see_other_gids=0$' $BSDINSTALL_TMPETC/sysctl.conf.hardening && echo on) >+hide_jail=$(grep -q '^security\.bsd\.see_jail_proc=0$' $BSDINSTALL_TMPETC/sysctl.conf.hardening && echo on) >+read_msgbuf=$(grep -q '^security\.bsd\.unprivileged_read_msgbuf=0$' $BSDINSTALL_TMPETC/sysctl.conf.hardening && echo on) >+proc_debug=$(grep -q '^security\.bsd\.unprivileged_proc_debug=0$' $BSDINSTALL_TMPETC/sysctl.conf.hardening && echo on) >+random_pid=$(grep -q '^kern\.randompid=1$' $BSDINSTALL_TMPETC/sysctl.conf.hardening && echo on) >+clear_tmp=$(sysrc -ef $BSDINSTALL_TMPETC/rc.conf.hardening clear_tmp_enable) >+clear_tmp=${clear_tmp#*=} >+[ -n "$clear_tmp" -a "$clear_tmp" = '"YES"' ] && clear_tmp="on" >+disable_syslogd=$(sysrc -ef $BSDINSTALL_TMPETC/rc.conf.hardening syslogd_flags) >+disable_syslogd=${disable_syslogd#*=} >+[ -n "$disable_syslogd" -a "$disable_syslogd" = '"-ss"' ] && disable_syslogd="on" >+secure_console=$([ -f $BSDINSTALL_TMPETC/ttys.hardening ] && grep -q 'unknown off insecure' $BSDINSTALL_TMPETC/ttys.hardening && echo "on") >+disable_ddtrace=$(grep -q '^security\.bsd\.allow_destructive_dtrace=0$' $BSDINSTALL_TMPBOOT/loader.conf.hardening && echo on) >+ >+# reset the target files >+: > $BSDINSTALL_TMPETC/rc.conf.hardening >+: > $BSDINSTALL_TMPETC/sysctl.conf.hardening >+: > $BSDINSTALL_TMPBOOT/loader.conf.hardening > > exec 3>&1 > FEATURES=$( bsddialog --backtitle "$OSNAME Installer" \ >-- >2.41.0 >
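Review bot: In the clear_tmp and disable_syslogd blocks, a value that does not match the expected string is left in the variable as the raw quoted sysrc output instead of being cleared, so the variable ends up neither "on" nor empty. Suggest setting it explicitly in both branches and dropping the redundant -n test together with the obsolescent -a operator, for example `[ "$clear_tmp" = '"YES"' ] && clear_tmp=on || clear_tmp=`. The two sysrc calls also leave stderr unredirected, so any complaint sysrc makes about a variable missing from the freshly touched file would reach the installer screen; worth checking on first entry to the menu. Separately, ttys.hardening is read for secure_console but is not among the three files reset at the end of the hunk, and its grep pattern is unanchored unlike the sysctl ones; please confirm the file is removed or rewritten elsewhere when the option is deselected on re-entry. The $BSDINSTALL_TMPETC and $BSDINSTALL_TMPBOOT expansions are unquoted throughout, which matches the removed lines but would break on a path containing whitespace.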