From nobody Thu Jun 1 21:00:52 2023 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QXJSj0gd8z4YCbQ; Thu, 1 Jun 2023 21:00:53 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4QXJSj0FgXz47mc; Thu, 1 Jun 2023 21:00:53 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1685653253; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=hYozkgj4X1Clflym+ZmFnwudC1zceZH3crhHbUaCoCw=; b=BMWMRWfTT2ZQMHCDSYlLDIqw+uxXZ3WClf+Ty7KES4CkGYxuq7a8mG14PK0sjatyOGMEiX qshO/v27RIZxysR9K9CAf4hQQTISxd0AlPlaYwBiL4tYniRIHjKUbAV6Wsi1iFIJcl47nB xo/kCpLIWr7jKtuewkooeLbOASjWS9+hpzlwajWls6OgFzcT/G6bZXQKft4R34YtwTBne0 I/pKXkNWCKjebco0skSnR3x1o4NQPqWYks0OR8f9gAXUtyU1VNRJB+nuE+CiDMGiru7MJl exkTFNLPChKcImal014NTJtdPmEhs9poh1/Fyv/rW6+xZjzOFb52wEfFz/UqiA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1685653253; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=hYozkgj4X1Clflym+ZmFnwudC1zceZH3crhHbUaCoCw=; b=mYohPYmV25fk7hUMdz685qhnij8ujEfcmmBZlmurNjnJkzlch3uUKHI2mc/gf3P9D6PmiW /h5LNOhOFISQrgB4Hn+yCPiAJvKYfJYltolBAZlkVU+3JF8VfIDBNNA7rzFhkC61vJyOWq HmKiIWcEZiLMSqUKTXUQ1NDbD2JEbC9V6pVViIJzXHHSHaXzuhJqhMi2Kl7f9YHvKOGCsr LmpMoRJhNLefM1vIFQ8Al6e8eSeYfS3fmPvLYWhet0nwd5AaAUU9c2962fceYd68AplF7h hnieh4UixDVqvG/5dNNE5W1N6tHJLYZWqoA9aBPsi81uDetgZ0VTUjYn18JMXw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1685653253; a=rsa-sha256; cv=none; b=DWXMnq26cmOhAok4nrXZ/yzfuRpgDGbS2vRGZL/asCPtJHmOy9JtnxPxOkcgA6iE2H4zG7 uSKenwaRBPhXODWSQG+rmEp/nSxDWz6Frifev63Vm+pG0VQjBaqmwJqUQR/GEgqm7aKB1B 0i8CvhPivCwTQB9R3tzrTP24hfA6kG+2r96mNkoxsxFIE6HxXen3LcveOsCfrmbqpvTC1E ZAYEJ2inIJcG1fT3zCzfkFplRUYBcO+IkAjgtsJ9a0PyM28/JarAojHyvNCnwSUKpuukU5 6enP6+DfBxg5alKf3JAlGMO862EmN1A+JiT+7vNoMPITrVm/Vpn0GKRzSGkNCw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QXJSh6TRJzWgd; Thu, 1 Jun 2023 21:00:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 351L0qEt058591; Thu, 1 Jun 2023 21:00:52 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 351L0q3M058589; Thu, 1 Jun 2023 21:00:52 GMT (envelope-from git) Date: Thu, 1 Jun 2023 21:00:52 GMT Message-Id: <202306012100.351L0q3M058589@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Baptiste Daroussin Subject: git: fe06db1817e0 - main - bsdinstall: remove sendmail hardening option List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: bapt X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: fe06db1817e0af6cbfa963598e249810773c115c Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by bapt: URL: https://cgit.FreeBSD.org/src/commit/?id=fe06db1817e0af6cbfa963598e249810773c115c commit fe06db1817e0af6cbfa963598e249810773c115c Author: Baptiste Daroussin AuthorDate: 2023-06-01 20:37:06 +0000 Commit: Baptiste Daroussin CommitDate: 2023-06-01 21:00:22 +0000 bsdinstall: remove sendmail hardening option sendmail is fully disabled in 14.0 by default Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D40367 --- usr.sbin/bsdinstall/scripts/hardening | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/usr.sbin/bsdinstall/scripts/hardening b/usr.sbin/bsdinstall/scripts/hardening index 4ee738fe0166..13d56f4efc0d 100755 --- a/usr.sbin/bsdinstall/scripts/hardening +++ b/usr.sbin/bsdinstall/scripts/hardening @@ -48,9 +48,8 @@ FEATURES=$( bsddialog --backtitle "$OSNAME Installer" \ "5 random_pid" "Randomize the PID of newly created processes" ${random_pid:-off} \ "6 clear_tmp" "Clean the /tmp filesystem on system startup" ${clear_tmp:-off} \ "7 disable_syslogd" "Disable opening Syslogd network socket (disables remote logging)" ${disable_syslogd:-off} \ - "8 disable_sendmail" "Disable Sendmail service" ${disable_sendmail:-off} \ - "9 secure_console" "Enable console password prompt" ${secure_console:-off} \ - "10 disable_ddtrace" "Disallow DTrace destructive-mode" ${disable_ddtrace:-off} \ + "8 secure_console" "Enable console password prompt" ${secure_console:-off} \ + "9 disable_ddtrace" "Disallow DTrace destructive-mode" ${disable_ddtrace:-off} \ 2>&1 1>&3 ) retval=$? exec 3>&- @@ -85,9 +84,6 @@ for feature in $FEATURES; do disable_syslogd) echo 'syslogd_flags="-ss"' >> $BSDINSTALL_TMPETC/rc.conf.hardening ;; - disable_sendmail) - echo 'sendmail_enable="NONE"' >> $BSDINSTALL_TMPETC/rc.conf.hardening - ;; secure_console) sed "s/unknown off secure/unknown off insecure/g" $BSDINSTALL_CHROOT/etc/ttys > $BSDINSTALL_TMPETC/ttys.hardening ;;