Date: Sat, 27 Aug 2016 20:43:52 +0000 (UTC) From: Steven Kreuzer <skreuzer@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r304921 - stable/11/usr.sbin/bsdinstall/scripts Message-ID: <201608272043.u7RKhqtY026366@repo.freebsd.org>
Author: skreuzer (doc,ports committer) Date: Sat Aug 27 20:43:52 2016 New Revision: 304921 URL: https://svnweb.freebsd.org/changeset/base/304921 Log: MFC r303877: Write kern.randompid to /etc/sysctl.conf Approved by: allanjude Modified: stable/11/usr.sbin/bsdinstall/scripts/hardening Modified: stable/11/usr.sbin/bsdinstall/scripts/hardening ============================================================================== --- stable/11/usr.sbin/bsdinstall/scripts/hardening Sat Aug 27 20:33:19 2016 (r304920) +++ stable/11/usr.sbin/bsdinstall/scripts/hardening Sat Aug 27 20:43:52 2016 (r304921) @@ -29,6 +29,7 @@ : ${DIALOG_OK=0} echo -n > $BSDINSTALL_TMPETC/rc.conf.hardening +echo -n > $BSDINSTALL_TMPETC/sysctl.conf.hardening exec 3>&1 FEATURES=$( dialog --backtitle "FreeBSD Installer" \ @@ -39,7 +40,7 @@ FEATURES=$( dialog --backtitle "FreeBSD "hide_gids" "Hide processes running as other groups" ${hide_gids:-off} \ "read_msgbuf" "Disable reading kernel message buffer for unprivileged users" ${read_msgbuf:-off} \ "proc_debug" "Disable process debugging facilities for unprivileged users" ${proc_debug:-off} \ - "random_pid" "Randomize the PID of newly created processes" ${random_id:-off} \ + "random_pid" "Randomize the PID of newly created processes" ${random_pid:-off} \ "stack_guard" "Insert stack guard page ahead of the growable segments" ${stack_guard:-off} \ "clear_tmp" "Clean the /tmp filesystem on system startup" ${clear_tmp:-off} \ "disable_syslogd" "Disable opening Syslogd network socket (disables remote logging)" ${disable_syslogd:-off} \ @@ -60,7 +61,7 @@ for feature in $FEATURES; do if [ "$feature" = "proc_debug" ]; then echo security.bsd.unprivileged_proc_debug=0 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening fi - if [ "$feature" = "random_id" ]; then + if [ "$feature" = "random_pid" ]; then echo kern.randompid=$(jot -r 1 9999) >> $BSDINSTALL_TMPETC/sysctl.conf.hardening fi if [ "$feature" = "stack_guard" ]; then
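Review bot: In the third hunk, the corrected `random_pid` test makes `echo kern.randompid=$(jot -r 1 9999)` reachable for the first time, and the range of the value it writes is not obvious from that line. As I read jot(1), the two operands are the repetition count and the begin value, so the other end of the range comes from jot's default rather than from this script. Spelling out both bounds, for example `$(jot -r 1 100 9999)` (the lower bound here is only illustrative), would make the intended range explicit and rule out a very small value, which may give weak or no randomization depending on how the kernel handles it (not visible here). A comment such as `# kern.randompid is a modulus, not an on/off switch; the value is drawn once at install time` would also help, since the number is then stored as a fixed setting in sysctl.conf.hardening. The enclosing `for feature in $FEATURES` loop starts and ends outside the hunk.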