kern_securelevel revision 245401
1238438Sdteske#!/bin/sh 2238438Sdteske#- 3238438Sdteske# Copyright (c) 2012 Devin Teske 4238438Sdteske# All Rights Reserved. 5238438Sdteske# 6238438Sdteske# Redistribution and use in source and binary forms, with or without 7238438Sdteske# modification, are permitted provided that the following conditions 8238438Sdteske# are met: 9238438Sdteske# 1. Redistributions of source code must retain the above copyright 10238438Sdteske# notice, this list of conditions and the following disclaimer. 11238438Sdteske# 2. Redistributions in binary form must reproduce the above copyright 12238438Sdteske# notice, this list of conditions and the following disclaimer in the 13238438Sdteske# documentation and/or other materials provided with the distribution. 14238438Sdteske# 15238438Sdteske# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16238438Sdteske# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING BUT NOT LIMITED TO, THE 17238438Sdteske# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18238438Sdteske# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19238438Sdteske# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20238438Sdteske# DAMAGES (INLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21238438Sdteske# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22238438Sdteske# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23238438Sdteske# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24238438Sdteske# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25238438Sdteske# SUCH DAMAGE. 26238438Sdteske# 27238438Sdteske# $FreeBSD: head/usr.sbin/bsdconfig/security/kern_securelevel 245401 2013-01-14 01:09:23Z dteske $ 28238438Sdteske# 29238438Sdteske############################################################ INCLUDES 30238438Sdteske 31240684SdteskeBSDCFG_SHARE="/usr/share/bsdconfig" 32240684Sdteske. $BSDCFG_SHARE/common.subr || exit 1 33244675Sdteskef_dprintf "%s: loading includes..." "$0" 34240684Sdteskef_include $BSDCFG_SHARE/dialog.subr 35240684Sdteskef_include $BSDCFG_SHARE/mustberoot.subr 36240684Sdteskef_include $BSDCFG_SHARE/sysrc.subr 37238438Sdteske 38240684SdteskeBSDCFG_LIBE="/usr/libexec/bsdconfig" APP_DIR="130.security" 39238438Sdteskef_include_lang $BSDCFG_LIBE/$APP_DIR/include/messages.subr 40238438Sdteske 41242107SdteskeSECURELEVEL_HELPFILE=$BSDCFG_LIBE/$APP_DIR/include/securelevel.hlp 42242107Sdteske 43243112Sdteskeipgm=$( f_index_menusel_keyword $BSDCFG_LIBE/$APP_DIR/INDEX "$pgm" ) 44238438Sdteske[ $? -eq $SUCCESS -a "$ipgm" ] && pgm="$ipgm" 45238438Sdteske 46238438Sdteske############################################################ FUNCTIONS 47238438Sdteske 48238438Sdteske# dialog_menu_main 49238438Sdteske# 50238438Sdteske# Display the dialog(1)-based application main menu. 51238438Sdteske# 52238438Sdteskedialog_menu_main() 53238438Sdteske{ 54238438Sdteske local menu_list size 55238438Sdteske local hline="$hline_select_securelevel_to_operate_at" 56238438Sdteske local prompt="$msg_securelevels_menu_text" 57238438Sdteske 58238438Sdteske menu_list=" 59238438Sdteske 'X $msg_exit' '$msg_exit_this_menu' 60238438Sdteske '$msg_disabled' '$msg_disable_securelevels' 61238438Sdteske '$msg_secure' '$msg_secure_mode' 62238438Sdteske '$msg_highly_secure' '$msg_highly_secure_mode' 63238438Sdteske '$msg_network_secure' '$msg_network_secure_mode' 64238438Sdteske " # END-QUOTE 65238438Sdteske 66238438Sdteske size=$( eval f_dialog_menu_size \ 67238438Sdteske \"\$DIALOG_TITLE\" \ 68238438Sdteske \"\$DIALOG_BACKTITLE\" \ 69238438Sdteske \"\$prompt\" \ 70238438Sdteske \"\$hline\" \ 71238438Sdteske $menu_list ) 72238438Sdteske 73240768Sdteske local dialog_menu 74240768Sdteske dialog_menu=$( eval $DIALOG \ 75238438Sdteske --clear --title \"\$DIALOG_TITLE\" \ 76238438Sdteske --backtitle \"\$DIALOG_BACKTITLE\" \ 77238438Sdteske --hline \"\$hline\" \ 78238438Sdteske --ok-label \"\$msg_ok\" \ 79238438Sdteske --cancel-label \"\$msg_cancel\" \ 80241899Sdteske --help-button \ 81245401Sdteske --help-label \"\$msg_help\" \ 82242096Sdteske ${USE_XDIALOG:+--help \"\"} \ 83238438Sdteske --menu \"\$prompt\" $size \ 84238438Sdteske $menu_list \ 85240768Sdteske 2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD 86240768Sdteske ) 87240768Sdteske local retval=$? 88240768Sdteske setvar DIALOG_MENU_$$ "$dialog_menu" 89240768Sdteske return $retval 90238438Sdteske} 91238438Sdteske 92238438Sdteske############################################################ MAIN 93238438Sdteske 94238438Sdteske# Incorporate rc-file if it exists 95238438Sdteske[ -f "$HOME/.bsdconfigrc" ] && f_include "$HOME/.bsdconfigrc" 96238438Sdteske 97238438Sdteske# 98238438Sdteske# Process command-line arguments 99238438Sdteske# 100238438Sdteskewhile getopts hSX flag; do 101238438Sdteske case "$flag" in 102238438Sdteske h|\?) f_usage $BSDCFG_LIBE/$APP_DIR/USAGE "PROGRAM_NAME" "$pgm";; 103238438Sdteske esac 104238438Sdteskedone 105238438Sdteskeshift $(( $OPTIND - 1 )) 106238438Sdteske 107238438Sdteske# 108238438Sdteske# Initialize 109238438Sdteske# 110238438Sdteskef_dialog_title "$msg_securelevels_menu_title" 111238438Sdteskef_dialog_backtitle "${ipgm:+bsdconfig }$pgm" 112238438Sdteskef_mustberoot_init 113238438Sdteske 114238438Sdteske# 115238438Sdteske# Launch application main menu 116238438Sdteske# 117241899Sdteskewhile :; do 118241899Sdteske dialog_menu_main 119241899Sdteske retval=$? 120241899Sdteske mtag=$( f_dialog_menutag ) 121238438Sdteske 122241899Sdteske if [ $retval -eq 2 ]; then 123241899Sdteske # The Help button was pressed 124242107Sdteske f_show_help "$SECURELEVEL_HELPFILE" 125241899Sdteske continue 126241899Sdteske elif [ $retval -ne 0 ]; then 127241899Sdteske f_die 128241899Sdteske fi 129238438Sdteske 130241899Sdteske break 131241899Sdteskedone 132241899Sdteske 133238438Sdteskecase "$mtag" in 134238438Sdteske"$msg_disabled") 135238438Sdteske f_sysrc_set kern_securelevel_enable "NO" 136238438Sdteske ;; 137238438Sdteske"$msg_secure") 138238438Sdteske f_sysrc_set kern_securelevel_enable "YES" 139238438Sdteske f_sysrc_set kern_securelevel "1" 140238438Sdteske ;; 141238438Sdteske"$msg_highly_secure") 142238438Sdteske f_sysrc_set kern_securelevel_enable "YES" 143238438Sdteske f_sysrc_set kern_securelevel "2" 144238438Sdteske ;; 145238438Sdteske"$msg_network_secure") 146238438Sdteske f_sysrc_set kern_securelevel_enable "YES" 147238438Sdteske f_sysrc_set kern_securelevel "3" 148238438Sdteske ;; 149238438Sdteskeesac 150238438Sdteske 151238438Sdteskeexit $SUCCESS 152238438Sdteske 153238438Sdteske################################################################################ 154238438Sdteske# END 155238438Sdteske################################################################################ 156