History log of /freebsd/usr.sbin/bsdinstall/scripts/hardening (Results 1 – 25 of 32)
Revision tags: release/14.0.0
# c0e249d3 15-Aug-2023 Lars Kellogg-Stedman <lars@oddbit.com>

bsdinstall: avoid conflicts with fd 3

Throughout the bsdinstall script fd 3 is used by f_dprintf (set through
$TERMINAL_STDOUT_PASSTHRU). In several places in the bsdinstall scripts,
we use fd 3 to juggle stdout when calling out to other tools, which can
cause the installer to fail with a "Bad file descriptor" error when
f_dprintf attempts to use it.

This commit replaces all constructs like this:

    exec 3>&1
    SOME_VARIABLE=$(some command 2>&1 1>&3)
    exec 3>&-

With:

    exec 5>&1
    SOME_VARIABLE=$(some command 2>&1 1>&5)
    exec 5>&-

PR: 273148
Reviewed by: corvink
Fixes: 1f7746d81f53447ac15cc99395bb714d4dd0a4da ("bsdinstall: stop messing with file descriptors")
MFC after: 1 week


# d0b2dbfa 16-Aug-2023 Warner Losh <imp@FreeBSD.org>

Remove $FreeBSD$: one-line sh pattern

Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/


# fe06db18 01-Jun-2023 Baptiste Daroussin <bapt@FreeBSD.org>

bsdinstall: remove sendmail hardening option

sendmail is fully disabled in 14.0 by default

Reviewed by: imp, emaste
Differential Revision: https://reviews.freebsd.org/D40367


Revision tags: release/13.2.0, release/12.4.0
# cc42ef53 24-May-2022 Brad Davis <brd@FreeBSD.org>

bsdinstall: allow whitelabeling the scripts

Approved by: allanjude, asiciliano
Differential Revision: https://reviews.freebsd.org/D35197
Sponsored by: Rubicon Communications, LLC ("Netgate")


Revision tags: release/13.1.0
# 4d1ba6fe 23-Mar-2022 Alfonso S. Siciliano <asiciliano@FreeBSD.org>

bsdinstall hardening: Replace dialog with bsddialog

bsdinstall/scripts/hardening: Replace (LGPL) dialog utility with
(BSD-2-CLAUSE) dialog utility.

Approved by: bapt (mentor)
Differential Revision: https://reviews.freebsd.org/D34102


Revision tags: release/12.3.0
# bf410c6e 12-Nov-2021 Marcin Wojtas <mw@FreeBSD.org>

Revert "bsdinstall: add knob to set ASLR sysctls"

This reverts commit 020f4112559ebf7e94665c9a69f89d21929ce82a.

Because now ASLR is enabled by default for 64-bit architectures
and the purpose of the installation menu is to allow choosing
additional 'mitigation'/'hardening' options that are originally
disabled, remove the ASLR knob from bsdinstall.

Discussed with: emaste
Obtained from: Semihalf
Sponsored by: Stormshield


Revision tags: release/13.0.0
# 020f4112 29-Jan-2021 Ed Maste <emaste@FreeBSD.org>

bsdinstall: add knob to set ASLR sysctls

Reviewed by: mw
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D28418


# fbc57e2d 29-Jan-2021 Ed Maste <emaste@FreeBSD.org>

bsdinstall: replace multiple ifs with case

Reduce copy-paste and use a more typical construct.

Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D28417


Revision tags: release/12.2.0, release/11.4.0, release/12.1.0, release/11.3.0, release/12.0.0
# 01d4e214 05-Oct-2018 Glen Barber <gjb@FreeBSD.org>

MFH r338661 through r339200.

Sponsored by: The FreeBSD Foundation


# ce44d808 27-Sep-2018 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r338731 through r338987.


# c3afb29b 21-Sep-2018 Dag-Erling Smørgrav <des@FreeBSD.org>

Add an installer option to disable destructive dtrace.

Submitted by: Jörg Pernfuß <code.jpe@gmail.com>
Approved by: re (kib)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D12474


Revision tags: release/11.2.0
# c2c014f2 07-Nov-2017 Hans Petter Selasky <hselasky@FreeBSD.org>

Merge ^/head r323559 through r325504.


# 50896984 10-Oct-2017 Enji Cooper <ngie@FreeBSD.org>

MFhead@r324482


# f78bd12d 02-Oct-2017 Allan Jude <allanjude@FreeBSD.org>

bsdinstall(8) hardening menu: Utilize new kern.randompid=1 behaviour

Enabling the PID randomization option in bsdinstall(8)'s hardening menu
now randomizes the effective value of kern.randompid on each boot.

Previous behaviour:
When kern.randompid was enabled via the bsdinstall(8) hardening menu,
a random value was generated and placed in the system's /etc/sysctl.conf as
kern.randompid=value
This makes the value of kern.randompid static across reboots.

New behaviour:
When kern.randompid is enabled via the bsdinstall(8) hardening menu, the
line kern.randompid=1 is placed in the system's /etc/sysctl.conf.
This takes advantage of a new kernel feature and makes the value of
kern.randompid be randomized by the kernel on each reboot.

Submitted by: Marie Helene Kvello-Aune <marieheleneka@gmail.com>
Reviewed by: des
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D12433


Revision tags: release/10.4.0
# 531c2d7a 24-Jul-2017 Enji Cooper <ngie@FreeBSD.org>

MFhead@r320180


# bca9d05f 23-Jul-2017 Hans Petter Selasky <hselasky@FreeBSD.org>

Merge ^/head r319973 through 321382.


# 90a5403f 21-Jul-2017 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r321307 through r321350.


# 391aafd7 21-Jul-2017 Bartek Rutkowski <robak@FreeBSD.org>

Remove stack guard option from hardening menu.

Since kib's change the stack guard is now ON by default,
this option in hardening menu of bsdinstall is no longer needed.

Submitted by: Bartlomiej Rutkowski <robak@FreeBSD.org>
Reviewed by: bapt
Approved by: bapt
MFC after: 1 day
Sponsored by: Pixeware LTD
Differential Revision: https://reviews.freebsd.org/D11686


Revision tags: release/11.1.0
# d2043ca3 14-Jul-2017 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r320573 through r320970.


# 2669f7eb 06-Jul-2017 Bartek Rutkowski <robak@FreeBSD.org>

usr.sbin/bsdinstall/scripts/hardening: fix options numbers

Submitted by: Bartek Rutkowski <robak@FreeBSD.org>
Reviewed by: bapt
Approved by: bapt
MFC after: 1 day
Differential Revision: https://reviews.freebsd.org/D11505


# 82ec242f 05-Jul-2017 Bartek Rutkowski <robak@FreeBSD.org>

Add option to bsdinstall to disable insecure console, update stack guard option

This patch adds new bsdinstall option to hardening section that allows users
to change this behaviour to secure one and updates stack guard option so it
would set the value of relevant sysctl to 512 (2MB)

Submitted by: Bartek Rutkowski
Reviewed by: adrian, bapt, emaste
Approved by: bapt, emaste
MFC after: 1 day
Sponsored by: Pixeware LTD
Differential Revision: https://reviews.freebsd.org/D9700


# f6e653bb 02-Jul-2017 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r320398 through r320572.


# d8061eff 29-Jun-2017 Steve Wills <swills@FreeBSD.org>

Add hardening menu item for security.bsd.see_jail_proc

Approved by: allanjude
Differential Revision: https://reviews.freebsd.org/D11283


# 2434a052 17-Mar-2017 Bartek Rutkowski <robak@FreeBSD.org>

Revert changes introduced in r314036 on demand by jhb and bapt.

Approved by: bapt, jhb


# 6ae9acde 23-Feb-2017 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r313896 through r314128.

