From 86f2d72fd8a6479f2e4633380eecc7cf1dd5e9c7 Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Fri, 21 Dec 2001 18:30:50 +0000 Subject: o Add a configSecurity menu to generally configure security settings, and pull configSecurityProfile under that menu. Add a menu option to determine whether LOMAC is enabled at boot. Probably, eventually, many of the 'Security Profile' menu choices should be pulled out independently into the Security Menu, so as to make them individually selectable. Sponsored by: DARPA, NAI Labs --- usr.sbin/sade/config.c | 11 +++++++++++ usr.sbin/sade/menus.c | 22 +++++++++++++++++++--- usr.sbin/sade/sade.h | 1 + usr.sbin/sysinstall/config.c | 11 +++++++++++ usr.sbin/sysinstall/menus.c | 22 +++++++++++++++++++--- usr.sbin/sysinstall/sysinstall.h | 1 + 6 files changed, 62 insertions(+), 6 deletions(-) diff --git a/usr.sbin/sade/config.c b/usr.sbin/sade/config.c index d12cd91efa40..cf68adb83405 100644 --- a/usr.sbin/sade/config.c +++ b/usr.sbin/sade/config.c @@ -479,6 +479,17 @@ configLinux(dialogMenuItem *self) return i; } +int +configSecurity(dialogMenuItem *self) +{ + WINDOW *w = savescr(); + + dialog_clear_norefresh(); + dmenuOpenSimple(&MenuSecurity, FALSE); + restorescr(w); + return DITEM_SUCCESS; +} + int configSecurityProfile(dialogMenuItem *self) { diff --git a/usr.sbin/sade/menus.c b/usr.sbin/sade/menus.c index 88f065c11b20..3e1878907942 100644 --- a/usr.sbin/sade/menus.c +++ b/usr.sbin/sade/menus.c @@ -261,7 +261,7 @@ DMenu MenuIndex = { { " PCNFSD", "Run authentication server for PC-NFS.", dmenuVarCheck, configPCNFSD, NULL, "pcnfsd" }, { " Root Password", "Set the system manager's password.", NULL, dmenuSystemCommand, NULL, "passwd root" }, { " Router", "Select routing daemon (default: routed)", NULL, configRouter, NULL, "router_enable" }, - { " Security", "Select a default system security profile.", NULL, dmenuSubmenu, NULL, &MenuSecurityProfile }, + { " Security", "Configure system security options", NULL, dmenuSubmenu, NULL, &MenuSecurity }, { " Syscons", "The system console configuration menu.", NULL, dmenuSubmenu, NULL, &MenuSyscons }, { " Syscons, Font", "The console screen font.", NULL, dmenuSubmenu, NULL, &MenuSysconsFont }, { " Syscons, Keymap", "The console keymap configuration menu.", NULL, dmenuSubmenu, NULL, &MenuSysconsKeymap }, @@ -1259,8 +1259,8 @@ DMenu MenuConfigure = { NULL, dmenuSubmenu, NULL, &MenuMouse, NULL }, { " Networking", "Configure additional network services", NULL, dmenuSubmenu, NULL, &MenuNetworking }, - { " Security", "Select default system security profile", - NULL, dmenuSubmenu, NULL, &MenuSecurityProfile }, + { " Security", "Configure system security options", + NULL, dmenuSubmenu, NULL, &MenuSecurity }, { " Startup", "Configure system startup options", NULL, dmenuSubmenu, NULL, &MenuStartup }, { " TTYs", "Configure system ttys.", @@ -2079,6 +2079,22 @@ DMenu MenuUsermgmt = { { NULL } }, }; +DMenu MenuSecurity = { + DMENU_CHECKLIST_TYPE | DMENU_SELECTION_RETURNS, + "System Security Options Menu", + "This menu allows you to configure aspects of the operating systme\n" + "policy.\n", + "Configure system security options", + NULL, + { { "X Exit", "Exit this menu (returning to previous)", + checkTrue, dmenuExit, NULL, NULL, '<', '<', '<' }, + { " Security Profile", "Select a security profile for the system", + NULL, configSecurityProfile }, + { " LOMAC", "Use Low Watermark Mandatory Access Control at boot", + dmenuVarCheck, dmenuToggleVariable, NULL, "lomac_enable=YES" }, + { NULL } }, +}; + DMenu MenuSecurityProfile = { DMENU_NORMAL_TYPE | DMENU_SELECTION_RETURNS, "Default system security profile", diff --git a/usr.sbin/sade/sade.h b/usr.sbin/sade/sade.h index ed124a3f2f64..7ee69c158a73 100644 --- a/usr.sbin/sade/sade.h +++ b/usr.sbin/sade/sade.h @@ -384,6 +384,7 @@ extern DMenu MenuMediaFTP; /* FTP media menu */ extern DMenu MenuMediaTape; /* Tape media menu */ extern DMenu MenuNetworkDevice; /* Network device menu */ extern DMenu MenuNTP; /* NTP time server menu */ +extern DMenu MenuSecurity; /* System security options menu */ extern DMenu MenuSecurityProfile; /* Security profile menu */ extern DMenu MenuStartup; /* Startup services menu */ extern DMenu MenuSyscons; /* System console configuration menu */ diff --git a/usr.sbin/sysinstall/config.c b/usr.sbin/sysinstall/config.c index d12cd91efa40..cf68adb83405 100644 --- a/usr.sbin/sysinstall/config.c +++ b/usr.sbin/sysinstall/config.c @@ -479,6 +479,17 @@ configLinux(dialogMenuItem *self) return i; } +int +configSecurity(dialogMenuItem *self) +{ + WINDOW *w = savescr(); + + dialog_clear_norefresh(); + dmenuOpenSimple(&MenuSecurity, FALSE); + restorescr(w); + return DITEM_SUCCESS; +} + int configSecurityProfile(dialogMenuItem *self) { diff --git a/usr.sbin/sysinstall/menus.c b/usr.sbin/sysinstall/menus.c index 88f065c11b20..3e1878907942 100644 --- a/usr.sbin/sysinstall/menus.c +++ b/usr.sbin/sysinstall/menus.c @@ -261,7 +261,7 @@ DMenu MenuIndex = { { " PCNFSD", "Run authentication server for PC-NFS.", dmenuVarCheck, configPCNFSD, NULL, "pcnfsd" }, { " Root Password", "Set the system manager's password.", NULL, dmenuSystemCommand, NULL, "passwd root" }, { " Router", "Select routing daemon (default: routed)", NULL, configRouter, NULL, "router_enable" }, - { " Security", "Select a default system security profile.", NULL, dmenuSubmenu, NULL, &MenuSecurityProfile }, + { " Security", "Configure system security options", NULL, dmenuSubmenu, NULL, &MenuSecurity }, { " Syscons", "The system console configuration menu.", NULL, dmenuSubmenu, NULL, &MenuSyscons }, { " Syscons, Font", "The console screen font.", NULL, dmenuSubmenu, NULL, &MenuSysconsFont }, { " Syscons, Keymap", "The console keymap configuration menu.", NULL, dmenuSubmenu, NULL, &MenuSysconsKeymap }, @@ -1259,8 +1259,8 @@ DMenu MenuConfigure = { NULL, dmenuSubmenu, NULL, &MenuMouse, NULL }, { " Networking", "Configure additional network services", NULL, dmenuSubmenu, NULL, &MenuNetworking }, - { " Security", "Select default system security profile", - NULL, dmenuSubmenu, NULL, &MenuSecurityProfile }, + { " Security", "Configure system security options", + NULL, dmenuSubmenu, NULL, &MenuSecurity }, { " Startup", "Configure system startup options", NULL, dmenuSubmenu, NULL, &MenuStartup }, { " TTYs", "Configure system ttys.", @@ -2079,6 +2079,22 @@ DMenu MenuUsermgmt = { { NULL } }, }; +DMenu MenuSecurity = { + DMENU_CHECKLIST_TYPE | DMENU_SELECTION_RETURNS, + "System Security Options Menu", + "This menu allows you to configure aspects of the operating systme\n" + "policy.\n", + "Configure system security options", + NULL, + { { "X Exit", "Exit this menu (returning to previous)", + checkTrue, dmenuExit, NULL, NULL, '<', '<', '<' }, + { " Security Profile", "Select a security profile for the system", + NULL, configSecurityProfile }, + { " LOMAC", "Use Low Watermark Mandatory Access Control at boot", + dmenuVarCheck, dmenuToggleVariable, NULL, "lomac_enable=YES" }, + { NULL } }, +}; + DMenu MenuSecurityProfile = { DMENU_NORMAL_TYPE | DMENU_SELECTION_RETURNS, "Default system security profile", diff --git a/usr.sbin/sysinstall/sysinstall.h b/usr.sbin/sysinstall/sysinstall.h index ed124a3f2f64..7ee69c158a73 100644 --- a/usr.sbin/sysinstall/sysinstall.h +++ b/usr.sbin/sysinstall/sysinstall.h @@ -384,6 +384,7 @@ extern DMenu MenuMediaFTP; /* FTP media menu */ extern DMenu MenuMediaTape; /* Tape media menu */ extern DMenu MenuNetworkDevice; /* Network device menu */ extern DMenu MenuNTP; /* NTP time server menu */ +extern DMenu MenuSecurity; /* System security options menu */ extern DMenu MenuSecurityProfile; /* Security profile menu */ extern DMenu MenuStartup; /* Startup services menu */ extern DMenu MenuSyscons; /* System console configuration menu */ -- cgit v1.2.3