? keymap.h
? makedevs.c
? rtermcap
? sysinstall
? sysinstall.8.gz
? sysinstall.diff
Index: config.c
===================================================================
RCS file: /home/ncvs/src/usr.sbin/sysinstall/config.c,v
retrieving revision 1.217
diff -u -r1.217 config.c
--- config.c	28 Nov 2003 18:47:44 -0000	1.217
+++ config.c	29 Nov 2003 03:00:41 -0000
@@ -537,6 +537,52 @@
 #endif
 
 int
+configSecurelevel(dialogMenuItem *self)
+{
+    WINDOW *w = savescr();
+
+    dialog_clear_norefresh();
+    dmenuOpenSimple(&MenuSecurelevel, FALSE);
+    restorescr(w);
+    return DITEM_SUCCESS;
+}
+
+int
+configSecurelevelDisabled(dialogMenuItem *self)
+{
+
+    variable_set2("kern_securelevel_enable", "NO", 1);
+    return DITEM_SUCCESS;
+}
+
+int
+configSecurelevelSecure(dialogMenuItem *self)
+{
+
+    variable_set2("kern_securelevel_enable", "YES", 1);
+    variable_set2("kern_securelevel", "1", 1);
+    return DITEM_SUCCESS;
+}
+
+int
+configSecurelevelHighlySecure(dialogMenuItem *self)
+{
+
+    variable_set2("kern_securelevel_enable", "YES", 1);
+    variable_set2("kern_securelevel", "2", 1);
+    return DITEM_SUCCESS;
+}
+
+int
+configSecurelevelNetworkSecure(dialogMenuItem *self)
+{
+
+    variable_set2("kern_securelevel_enable", "YES", 1);
+    variable_set2("kern_securelevel", "3", 1);
+    return DITEM_SUCCESS;
+}
+
+int
 configSecurity(dialogMenuItem *self)
 {
     WINDOW *w = savescr();
Index: menus.c
===================================================================
RCS file: /home/ncvs/src/usr.sbin/sysinstall/menus.c,v
retrieving revision 1.383
diff -u -r1.383 menus.c
--- menus.c	28 Nov 2003 18:47:44 -0000	1.383
+++ menus.c	29 Nov 2003 03:00:42 -0000
@@ -2229,6 +2229,8 @@
     NULL,
     { { "X Exit",      "Exit this menu (returning to previous)",
 	checkTrue, dmenuExit, NULL, NULL, '<', '<', '<' },
+      { " Securelevel",	"Configure securelevels for the system",
+	NULL, configSecurelevel },
 #if 0
       { " LOMAC",         "Use Low Watermark Mandatory Access Control at boot",
 	dmenuVarCheck,  dmenuToggleVariable, NULL, "lomac_enable=YES" },
@@ -2236,6 +2238,28 @@
       { " NFS port",	"Require that the NFS clients used reserved ports",
 	dmenuVarCheck,  dmenuToggleVariable, NULL, "nfs_reserved_port_only=YES" },
       { NULL } },
+};
+
+DMenu MenuSecurelevel = {
+    DMENU_NORMAL_TYPE | DMENU_SELECTION_RETURNS,
+    "Securelevel Configuration Menu",
+    "This menu allows you to select the securelevel your system runs with.\n"
+    "When operating at a securelevel, certain root privileges are disabled,\n"
+    "which may increase resistance to exploits and protect system integrity.\n"
+    "In secure mode system flags may not be overriden by the root user,\n"
+    "access to direct kernel memory is limited, and kernel modules may not\n"
+    "be changed.  In highly secure mode, mounted file systems may not be\n"
+    "modified on-disk, tampering with the system clock is prohibited.  In\n"
+    "network secure mode configuration changes to firwalling are prohibited.\n",
+    "Select a securelevel to operate at - F1 for help",
+    "securelevel",
+    { { "X Exit",      "Exit this menu (returning to previous)",
+	checkTrue, dmenuExit, NULL, NULL, '<', '<', '<' },
+      { "Disabled", "Disable securelevels", NULL, configSecurelevelDisabled, },
+      { "Secure", "Secure mode", NULL, configSecurelevelSecure },
+      { "Highly Secure", "Highly secure mode", NULL, configSecurelevelHighlySecure }, 
+      { "Network Secure", "Network secure mode", NULL, configSecurelevelNetworkSecure },
+      { NULL } }
 };
 
 DMenu MenuFixit = {
Index: sysinstall.h
===================================================================
RCS file: /home/ncvs/src/usr.sbin/sysinstall/sysinstall.h,v
retrieving revision 1.253
diff -u -r1.253 sysinstall.h
--- sysinstall.h	28 Nov 2003 18:47:44 -0000	1.253
+++ sysinstall.h	29 Nov 2003 03:00:42 -0000
@@ -143,6 +143,7 @@
 #define VAR_IPADDR			"ipaddr"
 #define VAR_IPV6_ENABLE			"ipv6_enable"
 #define VAR_IPV6ADDR			"ipv6addr"
+#define VAR_KERN_SECURELEVEL		"kern_securelevel"
 #define VAR_KEYMAP			"keymap"
 #define VAR_LABEL			"label"
 #define VAR_LABEL_COUNT			"labelCount"
@@ -452,6 +453,7 @@
 extern DMenu		MenuNetworkDevice;	/* Network device menu				*/
 extern DMenu		MenuNTP;		/* NTP time server menu				*/
 extern DMenu		MenuSecurity;		/* System security options menu			*/
+extern DMenu		MenuSecurelevel;	/* Securelevel menu */
 extern DMenu		MenuStartup;		/* Startup services menu			*/
 #ifdef WITH_SYSCONS
 extern DMenu		MenuSyscons;		/* System console configuration menu		*/
@@ -531,6 +533,11 @@
 extern int	configMTAExim(dialogMenuItem *self);
 extern int	configRpcBind(dialogMenuItem *self);
 extern int	configWriteRC_conf(dialogMenuItem *self);
+extern int	configSecurelevel(dialogMenuItem *self);
+extern int	configSecurelevelDisabled(dialogMenuItem *self);
+extern int	configSecurelevelSecure(dialogMenuItem *self);
+extern int	configSecurelevelHighlySecure(dialogMenuItem *self);
+extern int	configSecurelevelNetworkSecure(dialogMenuItem *self);
 extern int	configEtcTtys(dialogMenuItem *self);
 #ifdef __i386__
 extern int	checkLoaderACPI(void);
Index: help/securelevel.hlp
===================================================================
RCS file: help/securelevel.hlp
diff -N help/securelevel.hlp
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ help/securelevel.hlp	29 Nov 2003 03:00:42 -0000
@@ -0,0 +1,36 @@
+This menu allows you to configure the Securelevel mechanism in FreeBSD.
+
+Securelevels may be used to limit the privileges assigned to the
+root user in multi-user mode, which in turn may limit the effects of
+a root compromise, at the cost of reducing administrative functions.
+Refer to the init(8) manual page for complete details.
+
+   -1    Permanently insecure mode - always run the system in level 0 mode.
+         This is the default initial value.
+
+   0     Insecure mode - immutable and append-only flags may be turned off.
+         All devices may be read or written subject to their permissions.
+
+   1     Secure mode - the system immutable and system append-only flags may
+         not be turned off; disks for mounted file systems, /dev/mem, and
+         /dev/kmem may not be opened for writing; kernel modules (see
+         kld(4)) may not be loaded or unloaded.
+
+   2     Highly secure mode - same as secure mode, plus disks may not be
+         opened for writing (except by mount(2)) whether mounted or not.
+         This level precludes tampering with file systems by unmounting
+         them, but also inhibits running newfs(8) while the system is multi-
+         user.
+
+         In addition, kernel time changes are restricted to less than or
+         equal to one second.  Attempts to change the time by more than this
+         will log the message ``Time adjustment clamped to +1 second''.
+
+   3     Network secure mode - same as highly secure mode, plus IP packet
+         filter rules (see ipfw(8) and ipfirewall(4)) cannot be changed and
+         dummynet(4) configuration cannot be adjusted.
+
+Securelevels must be used in combination with careful system design and
+application of protective mechanisms to prevent system configuration
+files from being modified in a way that compromises the protections of
+the securelevel variable upon reboot.