kern_securelevel revision 252017
1238438Sdteske#!/bin/sh 2238438Sdteske#- 3249746Sdteske# Copyright (c) 2012-2013 Devin Teske 4238438Sdteske# All Rights Reserved. 5238438Sdteske# 6238438Sdteske# Redistribution and use in source and binary forms, with or without 7238438Sdteske# modification, are permitted provided that the following conditions 8238438Sdteske# are met: 9238438Sdteske# 1. Redistributions of source code must retain the above copyright 10238438Sdteske# notice, this list of conditions and the following disclaimer. 11238438Sdteske# 2. Redistributions in binary form must reproduce the above copyright 12238438Sdteske# notice, this list of conditions and the following disclaimer in the 13238438Sdteske# documentation and/or other materials provided with the distribution. 14238438Sdteske# 15238438Sdteske# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16238438Sdteske# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING BUT NOT LIMITED TO, THE 17238438Sdteske# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18238438Sdteske# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19238438Sdteske# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20238438Sdteske# DAMAGES (INLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21238438Sdteske# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22238438Sdteske# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23238438Sdteske# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24238438Sdteske# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25238438Sdteske# SUCH DAMAGE. 26238438Sdteske# 27238438Sdteske# $FreeBSD: head/usr.sbin/bsdconfig/security/kern_securelevel 252017 2013-06-20 05:40:11Z dteske $ 28238438Sdteske# 29238438Sdteske############################################################ INCLUDES 30238438Sdteske 31240684SdteskeBSDCFG_SHARE="/usr/share/bsdconfig" 32240684Sdteske. $BSDCFG_SHARE/common.subr || exit 1 33244675Sdteskef_dprintf "%s: loading includes..." "$0" 34240684Sdteskef_include $BSDCFG_SHARE/dialog.subr 35240684Sdteskef_include $BSDCFG_SHARE/mustberoot.subr 36240684Sdteskef_include $BSDCFG_SHARE/sysrc.subr 37238438Sdteske 38240684SdteskeBSDCFG_LIBE="/usr/libexec/bsdconfig" APP_DIR="130.security" 39238438Sdteskef_include_lang $BSDCFG_LIBE/$APP_DIR/include/messages.subr 40238438Sdteske 41242107SdteskeSECURELEVEL_HELPFILE=$BSDCFG_LIBE/$APP_DIR/include/securelevel.hlp 42242107Sdteske 43243112Sdteskeipgm=$( f_index_menusel_keyword $BSDCFG_LIBE/$APP_DIR/INDEX "$pgm" ) 44238438Sdteske[ $? -eq $SUCCESS -a "$ipgm" ] && pgm="$ipgm" 45238438Sdteske 46238438Sdteske############################################################ FUNCTIONS 47238438Sdteske 48238438Sdteske# dialog_menu_main 49238438Sdteske# 50238438Sdteske# Display the dialog(1)-based application main menu. 51238438Sdteske# 52238438Sdteskedialog_menu_main() 53238438Sdteske{ 54238438Sdteske local prompt="$msg_securelevels_menu_text" 55251264Sdteske local menu_list=" 56238438Sdteske '$msg_disabled' '$msg_disable_securelevels' 57238438Sdteske '$msg_secure' '$msg_secure_mode' 58238438Sdteske '$msg_highly_secure' '$msg_highly_secure_mode' 59238438Sdteske '$msg_network_secure' '$msg_network_secure_mode' 60238438Sdteske " # END-QUOTE 61251264Sdteske local defaultitem= # Calculated below 62251264Sdteske local hline="$hline_select_securelevel_to_operate_at" 63238438Sdteske 64251190Sdteske local height width rows 65251190Sdteske eval f_dialog_menu_size height width rows \ 66251190Sdteske \"\$DIALOG_TITLE\" \ 67251190Sdteske \"\$DIALOG_BACKTITLE\" \ 68251190Sdteske \"\$prompt\" \ 69251190Sdteske \"\$hline\" \ 70251190Sdteske $menu_list 71238438Sdteske 72249751Sdteske case "$( f_sysrc_get kern_securelevel_enable )" in 73249751Sdteske [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) 74249751Sdteske case "$( f_sysrc_get kern_securelevel )" in 75249751Sdteske 1) defaultitem="$msg_secure" ;; 76249751Sdteske 2) defaultitem="$msg_highly_secure" ;; 77249751Sdteske 3) defaultitem="$msg_network_secure" ;; 78249751Sdteske esac ;; 79249751Sdteske *) 80249751Sdteske defaultitem="$msg_disabled" 81249751Sdteske esac 82249751Sdteske 83251236Sdteske local menu_choice 84251236Sdteske menu_choice=$( eval $DIALOG \ 85249751Sdteske --title \"\$DIALOG_TITLE\" \ 86238438Sdteske --backtitle \"\$DIALOG_BACKTITLE\" \ 87238438Sdteske --hline \"\$hline\" \ 88238438Sdteske --ok-label \"\$msg_ok\" \ 89238438Sdteske --cancel-label \"\$msg_cancel\" \ 90241899Sdteske --help-button \ 91245401Sdteske --help-label \"\$msg_help\" \ 92242096Sdteske ${USE_XDIALOG:+--help \"\"} \ 93249751Sdteske --default-item \"\$defaultitem\" \ 94251190Sdteske --menu \"\$prompt\" \ 95251190Sdteske $height $width $rows \ 96238438Sdteske $menu_list \ 97240768Sdteske 2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD 98240768Sdteske ) 99240768Sdteske local retval=$? 100251236Sdteske f_dialog_menutag_store -s "$menu_choice" 101240768Sdteske return $retval 102238438Sdteske} 103238438Sdteske 104238438Sdteske############################################################ MAIN 105238438Sdteske 106238438Sdteske# Incorporate rc-file if it exists 107238438Sdteske[ -f "$HOME/.bsdconfigrc" ] && f_include "$HOME/.bsdconfigrc" 108238438Sdteske 109238438Sdteske# 110238438Sdteske# Process command-line arguments 111238438Sdteske# 112250633Sdteskewhile getopts h$GETOPTS_STDARGS flag; do 113238438Sdteske case "$flag" in 114238438Sdteske h|\?) f_usage $BSDCFG_LIBE/$APP_DIR/USAGE "PROGRAM_NAME" "$pgm";; 115238438Sdteske esac 116238438Sdteskedone 117238438Sdteskeshift $(( $OPTIND - 1 )) 118238438Sdteske 119238438Sdteske# 120238438Sdteske# Initialize 121238438Sdteske# 122238438Sdteskef_dialog_title "$msg_securelevels_menu_title" 123238438Sdteskef_dialog_backtitle "${ipgm:+bsdconfig }$pgm" 124238438Sdteskef_mustberoot_init 125238438Sdteske 126238438Sdteske# 127251933Sdteske# Launch application main menu (loop for additional `Help' button) 128238438Sdteske# 129241899Sdteskewhile :; do 130241899Sdteske dialog_menu_main 131241899Sdteske retval=$? 132251236Sdteske f_dialog_menutag_fetch mtag 133238438Sdteske 134241899Sdteske if [ $retval -eq 2 ]; then 135241899Sdteske # The Help button was pressed 136242107Sdteske f_show_help "$SECURELEVEL_HELPFILE" 137241899Sdteske continue 138241899Sdteske elif [ $retval -ne 0 ]; then 139241899Sdteske f_die 140241899Sdteske fi 141238438Sdteske 142241899Sdteske break 143241899Sdteskedone 144241899Sdteske 145238438Sdteskecase "$mtag" in 146238438Sdteske"$msg_disabled") 147238438Sdteske f_sysrc_set kern_securelevel_enable "NO" 148238438Sdteske ;; 149238438Sdteske"$msg_secure") 150238438Sdteske f_sysrc_set kern_securelevel_enable "YES" 151238438Sdteske f_sysrc_set kern_securelevel "1" 152238438Sdteske ;; 153238438Sdteske"$msg_highly_secure") 154238438Sdteske f_sysrc_set kern_securelevel_enable "YES" 155238438Sdteske f_sysrc_set kern_securelevel "2" 156238438Sdteske ;; 157238438Sdteske"$msg_network_secure") 158238438Sdteske f_sysrc_set kern_securelevel_enable "YES" 159238438Sdteske f_sysrc_set kern_securelevel "3" 160238438Sdteske ;; 161252017Sdteske*) 162252017Sdteske f_die 1 "$msg_unknown_kern_securelevel_selection" 163238438Sdteskeesac 164238438Sdteske 165238438Sdteskeexit $SUCCESS 166238438Sdteske 167238438Sdteske################################################################################ 168238438Sdteske# END 169238438Sdteske################################################################################ 170