diff options
Diffstat (limited to 'bsdconfig/security/kern_securelevel')
-rwxr-xr-x | bsdconfig/security/kern_securelevel | 175 |
1 files changed, 175 insertions, 0 deletions
diff --git a/bsdconfig/security/kern_securelevel b/bsdconfig/security/kern_securelevel new file mode 100755 index 000000000000..9aa79b7de8f7 --- /dev/null +++ b/bsdconfig/security/kern_securelevel @@ -0,0 +1,175 @@ +#!/bin/sh +#- +# Copyright (c) 2012-2013 Devin Teske +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# +############################################################ INCLUDES + +BSDCFG_SHARE="/usr/share/bsdconfig" +. $BSDCFG_SHARE/common.subr || exit 1 +f_dprintf "%s: loading includes..." "$0" +f_include $BSDCFG_SHARE/dialog.subr +f_include $BSDCFG_SHARE/mustberoot.subr +f_include $BSDCFG_SHARE/sysrc.subr + +BSDCFG_LIBE="/usr/libexec/bsdconfig" APP_DIR="130.security" +f_include_lang $BSDCFG_LIBE/$APP_DIR/include/messages.subr + +SECURELEVEL_HELPFILE=$BSDCFG_LIBE/$APP_DIR/include/securelevel.hlp + +f_index_menusel_keyword $BSDCFG_LIBE/$APP_DIR/INDEX "$pgm" ipgm && + pgm="${ipgm:-$pgm}" + +############################################################ FUNCTIONS + +# dialog_menu_main +# +# Display the dialog(1)-based application main menu. +# +dialog_menu_main() +{ + local prompt="$msg_securelevels_menu_text" + local menu_list=" + '$msg_disabled' '$msg_disable_securelevels' + '$msg_secure' '$msg_secure_mode' + '$msg_highly_secure' '$msg_highly_secure_mode' + '$msg_network_secure' '$msg_network_secure_mode' + " # END-QUOTE + local defaultitem= # Calculated below + local hline="$hline_select_securelevel_to_operate_at" + + local height width rows + eval f_dialog_menu_size height width rows \ + \"\$DIALOG_TITLE\" \ + \"\$DIALOG_BACKTITLE\" \ + \"\$prompt\" \ + \"\$hline\" \ + $menu_list + + case "$( f_sysrc_get kern_securelevel_enable )" in + [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) + case "$( f_sysrc_get kern_securelevel )" in + 1) defaultitem="$msg_secure" ;; + 2) defaultitem="$msg_highly_secure" ;; + 3) defaultitem="$msg_network_secure" ;; + esac ;; + *) + defaultitem="$msg_disabled" + esac + + local menu_choice + menu_choice=$( eval $DIALOG \ + --title \"\$DIALOG_TITLE\" \ + --backtitle \"\$DIALOG_BACKTITLE\" \ + --hline \"\$hline\" \ + --ok-label \"\$msg_ok\" \ + --cancel-label \"\$msg_cancel\" \ + --help-button \ + --help-label \"\$msg_help\" \ + ${USE_XDIALOG:+--help \"\"} \ + --default-item \"\$defaultitem\" \ + --menu \"\$prompt\" \ + $height $width $rows \ + $menu_list \ + 2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD + ) + local retval=$? + f_dialog_menutag_store -s "$menu_choice" + return $retval +} + +############################################################ MAIN + +# Incorporate rc-file if it exists +[ -f "$HOME/.bsdconfigrc" ] && f_include "$HOME/.bsdconfigrc" + +# +# Process command-line arguments +# +while getopts h$GETOPTS_STDARGS flag; do + case "$flag" in + h|\?) f_usage $BSDCFG_LIBE/$APP_DIR/USAGE "PROGRAM_NAME" "$pgm" ;; + esac +done +shift $(( $OPTIND - 1 )) + +# +# Initialize +# +f_dialog_title "$msg_securelevels_menu_title" +f_dialog_backtitle "${ipgm:+bsdconfig }$pgm" +f_mustberoot_init + +# +# Launch application main menu (loop for additional `Help' button) +# +while :; do + dialog_menu_main + retval=$? + f_dialog_menutag_fetch mtag + + if [ $retval -eq $DIALOG_HELP ]; then + f_show_help "$SECURELEVEL_HELPFILE" + continue + elif [ $retval -ne $DIALOG_OK ]; then + f_die + fi + + break +done + +case "$mtag" in +"$msg_disabled") + f_eval_catch "$0" f_sysrc_set \ + 'f_sysrc_set kern_securelevel_enable NO' || f_die + ;; +"$msg_secure") + f_eval_catch "$0" f_sysrc_set \ + 'f_sysrc_set kern_securelevel_enable YES' || f_die + f_eval_catch "$0" f_sysrc_set \ + 'f_sysrc_set kern_securelevel 1' || f_die + ;; +"$msg_highly_secure") + f_eval_catch "$0" f_sysrc_set \ + 'f_sysrc_set kern_securelevel_enable YES' || f_die + f_eval_catch "$0" f_sysrc_set \ + 'f_sysrc_set kern_securelevel 2' || f_die + ;; +"$msg_network_secure") + f_eval_catch "$0" f_sysrc_set \ + 'f_sysrc_set kern_securelevel_enable YES' || f_die + f_eval_catch "$0" f_sysrc_set \ + 'f_sysrc_set kern_securelevel 3' || f_die + ;; +*) + f_die 1 "$msg_unknown_kern_securelevel_selection" +esac + +exit $SUCCESS + +################################################################################ +# END +################################################################################ |