authorEd Maste <emaste@FreeBSD.org>2021-01-29 19:00:29 +0000
committerEd Maste <emaste@FreeBSD.org>2021-02-20 16:54:31 +0000
commitfbc57e2df95b582f7d3287ed3919337bfec5711a (patch)
tree3ded801afd15b0a51a0d87c90e0c52e93b88bc7a
parent504e64af32ba6c62fdcc894a3b1da76061c64796 (diff)
bsdinstall: replace multiple ifs with case
Reduce copy-paste and use a more typical construct.

Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D28417
-rwxr-xr-xusr.sbin/bsdinstall/scripts/hardening46
1 files changed, 24 insertions, 22 deletions
diff --git a/usr.sbin/bsdinstall/scripts/hardening b/usr.sbin/bsdinstall/scripts/hardening
index 9fea1b6aed5d..58ea0a112e26 100755
--- a/usr.sbin/bsdinstall/scripts/hardening
+++ b/usr.sbin/bsdinstall/scripts/hardening
@@ -52,38 +52,40 @@ FEATURES=$( dialog --backtitle "FreeBSD Installer" \
exec 3>&-
for feature in $FEATURES; do
- if [ "$feature" = "hide_uids" ]; then
+ case "$feature" in
+ hide_uids)
echo security.bsd.see_other_uids=0 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening
- fi
- if [ "$feature" = "hide_gids" ]; then
+ ;;
+ hide_gids)
echo security.bsd.see_other_gids=0 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening
- fi
- if [ "$feature" = "hide_jail" ]; then
+ ;;
+ hide_jail)
echo security.bsd.see_jail_proc=0 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening
- fi
- if [ "$feature" = "read_msgbuf" ]; then
+ ;;
+ read_msgbuf)
echo security.bsd.unprivileged_read_msgbuf=0 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening
- fi
- if [ "$feature" = "proc_debug" ]; then
+ ;;
+ proc_debug)
echo security.bsd.unprivileged_proc_debug=0 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening
- fi
- if [ "$feature" = "random_pid" ]; then
+ ;;
+ random_pid)
echo kern.randompid=1 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening
- fi
- if [ "$feature" = "clear_tmp" ]; then
+ ;;
+ clear_tmp)
echo 'clear_tmp_enable="YES"' >> $BSDINSTALL_TMPETC/rc.conf.hardening
- fi
- if [ "$feature" = "disable_syslogd" ]; then
+ ;;
+ disable_syslogd)
echo 'syslogd_flags="-ss"' >> $BSDINSTALL_TMPETC/rc.conf.hardening
- fi
- if [ "$feature" = "disable_sendmail" ]; then
+ ;;
+ disable_sendmail)
echo 'sendmail_enable="NONE"' >> $BSDINSTALL_TMPETC/rc.conf.hardening
- fi
- if [ "$feature" = "secure_console" ]; then
+ ;;
+ secure_console)
sed "s/unknown off secure/unknown off insecure/g" $BSDINSTALL_CHROOT/etc/ttys > $BSDINSTALL_TMPETC/ttys.hardening
- fi
- if [ "$feature" = "disable_ddtrace" ]; then
+ ;;
+ disable_ddtrace)
echo 'security.bsd.allow_destructive_dtrace=0' >> $BSDINSTALL_TMPBOOT/loader.conf.hardening
- fi
+ ;;
+ esac
done
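Review bot: The new `case "$feature" in` has no `*)` arm, so a tag that matches none of the eleven patterns is dropped silently, just as it was with the old `if` chain. In a hardening script that means a selected option could be skipped, for example if a tag is renamed in the dialog checklist (which starts outside this hunk), and the installed system would lack a setting the operator chose. Consider adding `*) echo "hardening: unknown feature: $feature" >&2 ;;` before `esac`. Separately, the unchanged lines leave `$BSDINSTALL_TMPETC`, `$BSDINSTALL_TMPBOOT` and `$BSDINSTALL_CHROOT` unquoted in the redirect targets and the `sed` input; quoting them, e.g. `>> "$BSDINSTALL_TMPETC/sysctl.conf.hardening"`, would be a cheap follow-up.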