1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-20 11:11:24 +00:00
Commit Graph

213 Commits

Author SHA1 Message Date
Robert Watson
614af3941d o Reduce the number of offered security profiles, as we now have a more
conservative default, and actually prompt specifically for inetd rather
  than handling it as a side effect of the security profile.  Update the
  help file to reflect this change.
o Rename "Fascist" to "Extreme" in the source code, to match the names
  presented to the user.
o Remove portmap and inetd from profile management.  Portmap is now
  disabled by default, but automatically turned on if a feature requires
  it (such as NFS, etc).

This is an MFC candidate for 4.4-RELEASE.

Reviewed by:	freebsd-arch@FreeBSD.org
Approved by:	re@FreeBSD.org
MFC after:	2 days
2001-08-10 23:57:43 +00:00
Robert Watson
f3ea28cb07 In preparation for MFC of sysinstall changes to edit /etc/ttys in
post-install config, reduce the potential confusion from the existence
of both configTTYs and configTtys by renaming configTTYs to
configEtcTtys.  While this is not a C naming conflict, it was probably
a poor choice of names on my part.
2001-08-07 12:48:17 +00:00
Robert Watson
c17d6a73f2 Add the ability to modify /etc/ttys before first reboot during the
system installation process.  This allows users installing via serial
console to enable serial console login during the installation
process using an un-customized install.  The user is not prompted to
modify /etc/ttys during a normal install, but is offered the
opportunity during post-install configuration.

- Introduce configTTYs(), which describes the benefits of editing
  /etc/ttys, and asks for confirmation before spawning the editor.
- add configTTYs to the post-install configuration, as well as to
  the global configuration index.
2001-08-02 03:53:36 +00:00
Robert Watson
0c09bcb0e8 Compensate for default disabling of network services in inetd.conf(5)
by providing the opportunity to edit inetd.conf during the system
installation process.  The following modifications were made:

(1) Expand the Anonymous FTP description dialog to indicate that inetd
    and ftpd must be enabled before it can be used.

(2) Introduce a new configInetd() pair of dialogs, the first describing
    inetd, giving a couple of examples of services that require it, and
    hinting at potential risk, then asking the user if they wish to
    enable it.  The second indicates that inetd.conf must be configured
    to enabled specific services, and asks if the user would like to
    load inetd.conf into the editor to modify it.  Add this
    configuration action to the index.

There are some further improvements that might be considered:

(1) Provide a more inetd.conf-specific configuration tool that speaks
    inetd.conf(5).  However, this is made difficult by the "yet another
    configuration format" nature of inetd.conf, as well as its use of
    commenting to disable services, rather than an in-syntax way to
    disable a service without commenting it out.  Submissions here
    would probably be welcome.

(2) There's some overlap between settings in the somewhat obtuse
    Security Profile mechanism and other settings, including the inetd
    setting, and NFS server configuration.  As features become
    individually tunable, they should probably be removed from the
    security profile mechanism.  Otherwise, somewhat counter-intuitively,
    sysinstall (in practice) queries multiple times whether inetd, nfsd,
    etc, should be enabled/disabled.  A possible future direction might
    be to drive profiles not by degree of paranoia, rather, the set
    of services desired.  Or simply to remove the Security Profile
    mechanism and resort to feature-driven configuration.

Reviewed by:	imp, chris, jake, nate, -arch, -stable
2001-08-02 03:25:16 +00:00
Andrey A. Chernov
3670a10826 Add ability to configure console terminal type in /etc/ttys
Reviewed by:	audit, jkh's silence
2001-07-17 04:09:50 +00:00
Kris Kennaway
a015c9348c Mark relevant functions __printflike()/__printf0like() and silence some of
the non-constant format string warnings.

MFC after:	1 week
2001-07-05 09:51:09 +00:00
Dima Dorfman
13704ca508 Introduce DEVICE_INIT, DEVICE_GET, and DEVICE_SHUTDOWN macros. As the
names suggest, they perform methods on Device's.  In addition, they
check that the pointer passed to them is valid; if it isn't, they
pretend that the action failed.  This fixes some crashes due to NULL
dereferences (e.g., PR 26509).

Approved by:	jkh (some time ago)
2001-07-02 00:18:04 +00:00
Jimmy Olgeni
f3a6406c66 Add terminal type configuration to the Options screen. It allows selecting
a monochrome display after booting into sysinstall, if you have any trouble
with the default color scheme.

Approved by:	jkh
MFC after:	2 weeks
2001-06-13 10:25:09 +00:00
Jordan K. Hubbard
047d337348 Fix what was clearly a 3am brain-o; Boolean should be signed, not
unsigned.  C is kinda loose about this sort of thing but it's no excuse.

Spotted by:	kenny
2001-05-09 08:01:56 +00:00
Jordan K. Hubbard
061de247e0 Allow a script-using to disable the emergency holographic shell as
a security measure.

Requested by:	"David E. Cross" <crossd@enterprise.cs.rpi.edu>
2001-03-12 21:26:06 +00:00
Jordan K. Hubbard
b2cb10e515 Support setting soft updates from the label editor. 2001-03-10 19:51:04 +00:00
Peter Wemm
8ca420e7fa Ack! I finally got annoyed enough to actually kill this. There is no
need to manually force the network_interfaces variable in /etc/rc.conf,
and it only ever gets in the way.  rc.network and rc.network6 DTRT with
the default of 'auto'.  This should have died over a year ago.
2001-03-02 08:15:41 +00:00
Jordan K. Hubbard
621005e3cb Adapt sysinstall to use the new msgNoYes() function which assumes
no as a default.  Sysinstall should be both less dangerous and less
annoying as a result of this change, though that's just my opinion
(since they're the defaults which annoy ME the least :).
2000-12-14 02:49:02 +00:00
Tatsumi Hosokawa
b1d6bbc98d release/sysinstall/lndir.c has not been used, but statically linked
to sysinstall for long time.  Remove it.
2000-11-06 09:28:54 +00:00
Tatsumi Hosokawa
b98c5f70ff Moved driver modules for some PCI NICs and PCCARD-only NICs to mfsroot.flp.
http://people.freebsd.org/~hosokawa/driver-floppy/ for details.

Reviewed by:	current@FreeBSD.org
2000-10-31 07:39:07 +00:00
Eivind Eklund
dd92980bbd Teach sysinstall how to restart itself on Ctrl-C (as an addition to its old
tricks of rebooting and continuing where it was.)

Reviewed by:	jkh, jhb
2000-10-29 09:57:50 +00:00
Jordan K. Hubbard
042c61e58d Add another security configuration profile, call it "high" and
rename the previous one to indicate that it's not just high, it's
extreme (everything off, secure level raised).

Submitted mostly by:	Tony Finch <dot@dotat.at>
2000-10-14 21:02:31 +00:00
Jordan K. Hubbard
bd7064a794 Fix the http proxy fetch code.
Submitted by:	Philipp Mergenthaler <p@i609.hadiko.de>
PR:		21449
2000-09-25 20:19:43 +00:00
Jordan K. Hubbard
b9d13dac47 One whack at the idea of having "security profiles" which select the
appropriate(?) defaults for "low", "medium" and "high" security
environments.  Medium is basically what we currently have with a little
seat-belt tightening where it made sense.  Low is the same as medium but
without the tightening.  High is positively fascist with nothing turned
on by default and an automatic call to 911 if it can find a modem.
2000-09-22 19:12:41 +00:00
Jordan K. Hubbard
cf07fd263a Terminate, with extreme prejudice, the USAResident hack which
does bad things to /etc/make.conf in certain situations.  Also
soften the "don't install crypto from the USA!" messages since,
except for RSA (which is still noted), that's not so true anymore.
2000-07-24 18:00:16 +00:00
Jordan K. Hubbard
b0b1485813 Add a terminal entry for xterm; a lot of people are using xterms
in the serial-installation of FreeBSD.
2000-07-21 20:45:56 +00:00
David E. O'Brien
7090abf525 Allow the Fix-it functionality to detect that we are on a serial console,
and DTRT rather than start the fixit shell on a non-existant vty.

PR:	19837
Submitted by:	Doug Ambrisko <ambrisko@whistle.com>
Approved by:	JKH
2000-07-18 09:14:06 +00:00
Hajimu UMEMOTO
2931df8a40 IPv6 support.
IPv6 configuration is only done by rtsol.  Does someone really
need manual configuration? :-)
You can specify IPv6 DNS server as well.
We have only one server ftp7.jp.freebsd.org that speaks IPv6
in this time.  ftp7.jp speaks IPv4 as well and also listed as
Japan #7.

Approved by:	jkh
2000-07-14 08:33:10 +00:00
Yoshihiro Takahashi
a40915d750 - Remove obsolete PC-card boot.flp hack. It was for making both PC-card
boot.flp and plain boot.flp.
- Clean up crunchgen related routine.

- Add PC-98 support.
  TODO:
    o Documentation
    o Fix some messages for PC-98
    o Decrease the size of fixit.flp to 1.2MB
    o I18N (See: http://www.jp.FreeBSD.org/BootAsia/index.html)

No response from jkh
2000-06-05 13:17:23 +00:00
David E. O'Brien
9ee6ec34ef Add an option to select the Fix-it tty. The current behavior is utterly
*useless* on serial consoled machines.
2000-05-16 22:05:32 +00:00
John Baldwin
9f8b8491c9 Add support for USB to sysinstall. This includes running usbd and
setting 'usbd_enable' in rc.conf during nwe installs if USB is detected.
Also, since usbd already handles USB mice automatically, note that the
mouse setup section in sysinstall only applies to non-USB mice.
2000-05-12 03:01:17 +00:00
Murray Stokely
471d7061ad PR: 17559
Approved by:	jkh

  You can't enable 'emulate 3 button' option for moused in sysinstall.
This adds a menu option to set moused_flags and the help text explains
that entering "-3" will enable this feature.
2000-04-08 03:04:32 +00:00
Jordan K. Hubbard
c87413f73b Remove PkgInteractive hack - it won't work like this. 2000-03-12 03:57:26 +00:00
Jordan K. Hubbard
7140b4def8 o Add support for loading the rsaref or rsaintl packages, depending
on locale.

o Allow use of "G" in label editor to stand for gigabytes. This
  is actually an unrelated patch which I meant to commit separately
  but what the heck, it's late.

Partially submitted by:	phk
2000-02-29 10:40:59 +00:00
Jordan K. Hubbard
88007fd897 Revise this for the brave new world of "crypto"
Submitted by:	markm
Approved by:	me!
2000-02-29 09:09:36 +00:00
Jordan K. Hubbard
da8a39382b If user says they're in the USA, record that fact in /etc/make.conf 2000-02-19 23:22:22 +00:00
Jordan K. Hubbard
be4a40d0eb Don't call it a Novice install, call it Standard.
Also say thousands of packages, not hundreds.
2000-02-18 07:09:45 +00:00
David E. O'Brien
2af3c5f687 * add SVR4 and OSF/1 enabling in the Start Up config menu
* deals with X11 install when all we have is the Port (such as on the Alpha)

Ok'ed by:	JKH
2000-01-18 15:50:23 +00:00
Tatsumi Hosokawa
cb4ec7028b Eliminate PC-card installation floppy and add PC-card support for
generic installation floppy.
2000-01-14 02:17:57 +00:00
Jordan K. Hubbard
98bfd247d1 Add support for FTP installation via HTTP proxies.
Submitted by:	Philipp Mergenthaler <un1i@rz.uni-karlsruhe.de>
PR:		11316
2000-01-04 04:50:07 +00:00
Jordan K. Hubbard
bc775f8b25 Allow distributions to be excluded more easily in scripts.
Submitted by:	Brian Dean <brdean@unx.sas.com>
1999-11-08 11:51:57 +00:00
Jordan K. Hubbard
68318acfc3 It's "router_flags" not "routerflags"
Submitted by:	kasey@ambernetworks.com
PR:		13534
1999-09-02 11:55:11 +00:00
Jordan K. Hubbard
3910e95363 Oh crud, did I ever screw the pooch! Rather than sync this with -stable,
I backed-out the changes in -current and didn't touch stable at all (I
thought I had my patch order reversed, not what actually happened).
AIEEE!  I can't even blame the crack for this one since I broke my
crack pipe a few weeks ago.  I think sleep deprivation gets the blame
for this one.

Medal for noticing this one goes to:	Jim Bloom <bloom@acm.org>
1999-09-02 00:51:16 +00:00
Jordan K. Hubbard
d03dcaa779 MFC: Catch 3.2-stable sysinstall up to 4.0-current level functionality,
bringing in DHCP support.  The only thing I left out were Poul-Henning's
newfs changes since I'm not sure if he's brought the rest of that support
into -stable yet.  If it turns out that this is the case, I'll MFC those
changes too.
1999-09-01 04:29:30 +00:00
Peter Wemm
97d92980a9 $Id$ -> $FreeBSD$ 1999-08-28 01:35:59 +00:00
Poul-Henning Kamp
8a9b8e429b Make the newfs parameters a global option.
The default is still "-b 8192 -f 1024" but my experiments show that
"-b 16384 -f 4096 -c 100" is a more sensible value for modern
disksizes.
1999-08-05 19:50:26 +00:00
Brian Somers
51f80ae148 Add a default ppp.conf (mode 600).
Originally submitted by: Wayne Self <wself@cdrom.com>

Allow a ppp startup option in rc.conf.

Adjust sysinstall so that it appends to the end of ppp.conf
and uses the generated profile to start ppp in auto mode on
boot.

Submitted by: Josef L. Karthauser <joe@uk.FreeBSD.org>
1999-07-26 10:49:37 +00:00
Jordan K. Hubbard
ad183257e6 Another batch of fixes for dhcp support in sysinstall, now dragging
in some code from C. Stone to parse the lease information.  This is still
a WIP and this commit is largely intended to allow others to sync up; the
dhclient code still only works when doing dhcp configuration post-install
and requires a bit more work on the boot floppy before it will truly
work in the minimal bootstrapping role.
1999-07-19 10:06:18 +00:00
Jordan K. Hubbard
43d5ccb239 Some additional optimizations for using DHCP. 1999-07-18 10:18:06 +00:00
Jordan K. Hubbard
605c88e44b Re-enable DHCP client support again (but optional and turned off by default
for the time being) for debugging purposes.

Fix bug in options selection.
1999-07-16 11:13:09 +00:00
Jordan K. Hubbard
2618634bae Add an option for more fully enabling linux compatibility. 1999-07-06 08:45:40 +00:00
Jordan K. Hubbard
7050843886 Eliminate some varargs abuse. 1999-07-02 22:36:14 +00:00
Jordan K. Hubbard
0550320175 Do a clean-up pass on error/warning messages. 1999-05-27 10:32:50 +00:00
Jordan K. Hubbard
b7f708e677 o Prevent alpha installs from grabbing x86 bits and vice-versa, at least
on CDs and FTP sites.

o Collapse some redundant code.

o Fix typo'd menu.

o Restrict searches properly to packages rather than categories.

o Small tweaks to signal handling.

All RELENG_3 candidates.
1999-05-15 14:34:22 +00:00
Jordan K. Hubbard
b9ad2ee3d4 Completely change the way package_add() does its work. Now we
handle dependencies at a lower level and use package add for this.
Also made index searches stricter.
1999-05-12 09:02:37 +00:00