| #
4bf41040 |
| 21-Feb-2017 |
Bartek Rutkowski <robak@FreeBSD.org> |
Enable bsdinstall hardening options by default.
As discussed previously, in order to introduce new OS hardening
defaults, we've added them to bsdinstall in 'off by default' mode.
It has been there f
Enable bsdinstall hardening options by default.
As discussed previously, in order to introduce new OS hardening
defaults, we've added them to bsdinstall in 'off by default' mode.
It has been there for a while, so the next step is to change them
to 'on by defaul' mode, so that in future we could simply enable
them in base OS.
Reviewed by: brd
Approved by: adrian
Differential Revision: https://reviews.freebsd.org/D9641
show more ...
|
| #
a3906ca5 |
| 17-Feb-2017 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r313644 through r313895.
|
| #
95525572 |
| 16-Feb-2017 |
Bartek Rutkowski <robak@FreeBSD.org> |
Add 0-8 as shortcuts for jumping to menu items in the hardening menu.
Submitted by: skreuzer
Reviewed by: allanjude, robak
Approved by: allanjude
Differential Revision: https://reviews.freebsd.org/D
Add 0-8 as shortcuts for jumping to menu items in the hardening menu.
Submitted by: skreuzer
Reviewed by: allanjude, robak
Approved by: allanjude
Differential Revision: https://reviews.freebsd.org/D6826
show more ...
|
|
Revision tags: release/11.0.1, release/11.0.0 |
|
| #
27067774 |
| 16-Aug-2016 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r303250 through r304235.
|
| #
1d01cb0d |
| 09-Aug-2016 |
Steven Kreuzer <skreuzer@FreeBSD.org> |
Write kern.randompid to /etc/sysctl.conf
PR: 211471
Reported by: survo@protonmail.com
Reviewed by: robak@
Approved by: allanjude@
MFC after: 3 days
Differential Revision: https://reviews.freebsd.o
Write kern.randompid to /etc/sysctl.conf
PR: 211471
Reported by: survo@protonmail.com
Reviewed by: robak@
Approved by: allanjude@
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D7440
show more ...
|
| #
72121342 |
| 01-Aug-2016 |
Dimitry Andric <dim@FreeBSD.org> |
Fix non-functional bsdinstall services dialog.
The most recent version of bsdinstall does not seem to respect any of
the checkboxes in the "Choose the services you would like to be started
at boot"
Fix non-functional bsdinstall services dialog.
The most recent version of bsdinstall does not seem to respect any of
the checkboxes in the "Choose the services you would like to be started
at boot" dialog. None of the chosen services end up in the rc.conf file
that is installed onto the target system.
This is caused by the bsdinstall/scripts/hardening script, which
implements the new hardening options dialog. The script starts by
overwriting the previously written rc.conf.services file:
echo -n > $BSDINSTALL_TMPETC/rc.conf.services
which is obviously incorrect. It should clear out rc.conf.hardening
instead.
Reviewed by: allanjude
PR: 211506
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D7387
show more ...
|
| #
0e3f233f |
| 15-Jul-2016 |
Bartek Rutkowski <robak@FreeBSD.org> |
Add new System Hardening menu and options to bsdinstall.
This patch add new 'hardening' file responsible for new bsdinstall
'System Hardening' menu allowing users to set some sane and carefully
pick
Add new System Hardening menu and options to bsdinstall.
This patch add new 'hardening' file responsible for new bsdinstall
'System Hardening' menu allowing users to set some sane and carefully
picked system security options (like random process id's, hiding
other users/groups processes and others).
All options are OFF by default in this patch due to POLA principle
with intention to turn change some of them to ON by default in future.
Reviewed by: adrian, allanjude, bdrewery, nwhitehorn
Approved by: adrian, allanjude
MFC after: 7 days
show more ...
|