On 07/15/16 08:07, Bartek Rutkowski wrote:
Author: robak (ports committer)
Date: Fri Jul 15 15:07:24 2016
New Revision: 302897
URL: https://svnweb.freebsd.org/changeset/base/302897

Log:
   Add new System Hardening menu and options to bsdinstall.

   This patch adds new 'hardening' file responsible for new bsdinstall
   'System Hardening' menu allowing users to set some sane and carefully
   picked system security options (like random process id's, hiding
   other users/groups processes and others).

   All options are OFF by default in this patch due to POLA principle
   with intention to change some of them to ON by default in future.

   Reviewed by: adrian, allanjude, bdrewery, nwhitehorn
   Approved by: adrian, allanjude
   MFC after:   7 days

Thanks for this! One nit below.
Modified: head/usr.sbin/bsdinstall/scripts/auto
==============================================================================
--- head/usr.sbin/bsdinstall/scripts/auto       Fri Jul 15 13:25:47 2016        
(r302896)
+++ head/usr.sbin/bsdinstall/scripts/auto       Fri Jul 15 15:07:24 2016        
(r302897)
@@ -385,6 +385,7 @@ if [ "$NETCONFIG_DONE" != yes ]; then
  fi
  bsdinstall time
  bsdinstall services
+bsdinstall hardening

As discussed in the review, I'd prefer it if this were not here and only the part below (in the final menu) were present in the auto script, in particular for 11.0-RELEASE. This keeps the installer flow and avoids presenting the user with a new menu of optional off-by-default things that you have to get through to finish the installation (Handbook installation is in the same category). Would it be possible to change that?
-Nathan

  dialog --backtitle "FreeBSD Installer" --title "Add User Accounts" --yesno \
      "Would you like to add users to the installed system now?" 0 0 && \
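
Review bot: The added `bsdinstall hardening` call sits in the unconditional sequence directly after `bsdinstall services`, so every interactive install has to pass through the new dialog, even though the commit log says all options are OFF by default and the later hunks already make the same step reachable from the finalconfig menu. Consider dropping this line and keeping only the menu entry, or gating the call so that the default installer flow is unchanged.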
@@ -401,6 +402,7 @@ finalconfig() {
                "Hostname" "Set system hostname" \
                "Network" "Networking configuration" \
                "Services" "Set daemons to run on startup" \
+               "System Hardening" "Set security options" \
                "Time Zone" "Set system timezone" \
                "Handbook" "Install FreeBSD Handbook (requires network)" 2>&1 
1>&3)
        exec 3>&-
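
Review bot: The menu label "System Hardening" added here must match the case pattern in the next hunk character for character, otherwise selecting the entry would not reach `bsdinstall hardening`; the two literals should be kept in sync deliberately. The description "Set security options" is also vague next to neighbours such as "Set daemons to run on startup"; something like "Set security hardening options" would tell the user what the dialog offers.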
@@ -426,6 +428,10 @@ finalconfig() {
                bsdinstall services
                finalconfig
                ;;
+       "System Hardening")
+               bsdinstall hardening
+               finalconfig
+               ;;
        "Time Zone")
                bsdinstall time
                finalconfig
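
Review bot: In the new "System Hardening" case arm the exit status of `bsdinstall hardening` is not checked before `finalconfig` is called again, the same as in the Services and Time Zone arms shown here. Because this step applies security settings, a failure that silently returns to the menu could leave the user believing the options were set; consider reporting a non-zero status before re-entering the menu.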


_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"