author: Jordan K. Hubbard <jkh@FreeBSD.org> 2000-09-24 06:55:56 +0000
committer: Jordan K. Hubbard <jkh@FreeBSD.org> 2000-09-24 06:55:56 +0000
commit: abe19b75db11395600171d5808e791e49efb2a2d (patch)
tree: 0292e3d8618235e3291683ab1668b3b413c3f2e6
parent: 6215d5989e8ddafb0561db0e35f03f8ad6f89726 (diff)
9 files changed, 273 insertions, 232 deletions
diff --git a/release/sysinstall/Makefile b/release/sysinstall/Makefile
index 902d84a1a8e6..ee75e66d9afd 100644
--- a/release/sysinstall/Makefile
+++ b/release/sysinstall/Makefile
@@ -18,13 +18,12 @@ SRCS=	anonFTP.c cdrom.c command.c config.c devices.c dhcp.c kget.c \
 	wizard.c keymap.h
 
 CFLAGS+= -Wall -I${.CURDIR}/../../gnu/lib/libdialog -I${.OBJDIR}
-CFLAGS+= -I${.CURDIR}/../../sys
 .if ${MACHINE} == "pc98"
 CFLAGS+= -DPC98
 .endif
 
-DPADD=	${LIBDIALOG} ${LIBNCURSES} ${LIBMYTINFO} ${LIBUTIL} ${LIBDISK} ${LIBFTPIO}
-LDADD=	-ldialog -lncurses -lmytinfo -lutil -ldisk -lftpio
+DPADD=	${LIBDIALOG} ${LIBNCURSES} ${LIBUTIL} ${LIBDISK} ${LIBFTPIO}
+LDADD=	-ldialog -lncurses -lutil -ldisk -lftpio
 
 makedevs.c:	Makefile rtermcap keymap.h
 	rm -f makedevs.tmp
diff --git a/release/sysinstall/config.c b/release/sysinstall/config.c
index 8ce295ba0e14..ab56c81e3ab0 100644
--- a/release/sysinstall/config.c
+++ b/release/sysinstall/config.c
@@ -388,10 +388,6 @@ configRC_conf(void)
 	fprintf(rcSite, "# This file now contains just the overrides from /etc/defaults/rc.conf\n");
 	fprintf(rcSite, "# please make all changes to this file.\n\n");
 	fprintf(rcSite, "# Enable network daemons for user convenience.\n");
-	fprintf(rcSite, "inetd_enable=\"YES\"\n");
-	fprintf(rcSite, "portmap_enable=\"YES\"\n");
-	fprintf(rcSite, "sendmail_enable=\"YES\"\n");
-	fprintf(rcSite, "sshd_enable=\"YES\"\n");
     }
 
     /* Now do variable substitutions */
@@ -470,6 +466,98 @@ configLinux(dialogMenuItem *self)
     return i;
 }
 
+int
+configSecurityProfile(dialogMenuItem *self)
+{
+    WINDOW *w = savescr();
+
+    dialog_clear_norefresh();
+    dmenuOpenSimple(&MenuSecurityProfile, FALSE); 
+    restorescr(w);
+    return DITEM_SUCCESS;
+}
+
+/* Use the most fascist security settings */
+int
+configSecurityFascist(dialogMenuItem *self)
+{
+    WINDOW *w = savescr();
+
+    variable_set2("inetd_enable", "NO", 1);
+    variable_set2("portmap_enable", "NO", 1);
+    variable_set2("sendmail_enable", "NO", 1);
+    variable_set2("sshd_enable", "NO", 1);
+    variable_set2("nfs_server_enable", "NO", 1);
+    variable_set2("kern_securelevel_enable", "YES", 1);
+    variable_set2("kern_securelevel", "2", 1);
+    /* More fascist stuff should go here */
+
+    if (self)
+	msgConfirm("High security settings have been selected.\n\n"
+	    "This means that most \"popular\" network services and\n"
+	    "mechanisms like inetd(8) have been DISABLED by default.\n\n"
+	    "PLEASE NOTE that this still does not save you from having\n"
+	    "to properly secure your system in other ways or exercise\n"
+	    "due diligence in your administration, this simply picks\n"
+	    "a more secure set of out-of-box defaults to start with.\n\n"
+	    "To change any of these settings later, edit /etc/rc.conf");
+
+    restorescr(w);
+    return DITEM_SUCCESS;
+}
+
+int
+configSecurityModerate(dialogMenuItem *self)
+{
+    WINDOW *w = savescr();
+
+    variable_set2("inetd_enable", "YES", 1);
+    if (!variable_cmp("nfs_client_enable", "YES") ||
+	!variable_cmp("nfs_server_enable", "YES"))
+    	variable_set2("portmap_enable", "YES", 1);
+    if (!variable_cmp("nfs_server_enable", "YES"))
+	variable_set2("nfs_reserved_port_only", "YES", 1);
+    variable_set2("sendmail_enable", "YES", 1);
+    variable_set2("sshd_enable", "YES", 1);
+
+    if (self)
+	msgConfirm("Moderate security settings have been selected.\n\n"
+	    "This means that most \"popular\" network services and\n"
+	    "mechanisms like inetd(8) have been enabled by default\n"
+	    "for a comfortable user experience but with possible\n"
+	    "trade-offs in system security.  If this bothers you and\n"
+	    "you know exactly what you are doing, select the high\n"
+	    "high security profile instead.\n\n"
+	    "To change any of these settings later, edit /etc/rc.conf");
+
+    restorescr(w);
+    return DITEM_SUCCESS;
+}
+
+int
+configSecurityLiberal(dialogMenuItem *self)
+{
+    WINDOW *w = savescr();
+
+    variable_set2("inetd_enable", "YES", 1);
+    variable_set2("portmap_enable", "YES", 1);
+    variable_set2("sendmail_enable", "YES", 1);
+    variable_set2("sshd_enable", "YES", 1);
+
+    if (self)
+	msgConfirm("Liberal security settings have been selected.\n\n"
+	    "This means that most \"popular\" network services and\n"
+	    "mechanisms like inetd(8) have been enabled by default\n"
+	    "for the most comfortable user experience but with possible\n"
+	    "trade-offs in system security.  If this bothers you, select\n"
+	    "the medium security profile or, if you know exactly what you\n"
+	    "are doing, the high security profile instead.\n\n"
+	    "To change any of these settings later, edit /etc/rc.conf");
+
+    restorescr(w);
+    return DITEM_SUCCESS;
+}
+
 static void
 write_root_xprofile(char *str)
 {
diff --git a/release/sysinstall/devices.c b/release/sysinstall/devices.c
index f99003924036..fcbf7bcc3a15 100644
--- a/release/sysinstall/devices.c
+++ b/release/sysinstall/devices.c
@@ -60,34 +60,26 @@ static struct _devname {
     char *name;
     char *description;
     int major, minor, delta, max;
-    char dev_type;
 } device_names[] = {
-    { DEVICE_TYPE_CDROM,	"cd%dc",	"SCSI CDROM drive",	6, 2, 8, 4, 'b'				},
-    { DEVICE_TYPE_CDROM,	"mcd%da",	"Mitsumi (old model) CDROM drive",	7, 0, 8, 4, 'b'		},
-    { DEVICE_TYPE_CDROM,	"scd%da",	"Sony CDROM drive - CDU31/33A type",	16, 0, 8, 4, 'b'	},
+    { DEVICE_TYPE_CDROM,	"cd%dc",	"SCSI CDROM drive",	15, 2, 8, 4 				},
+    { DEVICE_TYPE_CDROM,	"mcd%da",	"Mitsumi (old model) CDROM drive",	29, 0, 8, 4	 	},
+    { DEVICE_TYPE_CDROM,	"scd%da",	"Sony CDROM drive - CDU31/33A type",	45, 0, 8, 4 		},
 #ifdef notdef
-    { DEVICE_TYPE_CDROM,	"matcd%da",	"Matsushita CDROM ('sound blaster' type)", 17, 0, 8, 4, 'b'	},
+    { DEVICE_TYPE_CDROM,	"matcd%da",	"Matsushita CDROM ('sound blaster' type)", 46, 0, 8, 4 		},
 #endif
-    { DEVICE_TYPE_CDROM,	"acd%dc",	"ATAPI/IDE CDROM",	31, 2, 8, 4, 'b'			},
-    { DEVICE_TYPE_TAPE, 	"rsa%d",	"SCSI tape drive",	14, 0, 16, 4, 'c'			},
-    { DEVICE_TYPE_TAPE, 	"rwt%d",	"Wangtek tape drive",	10, 0, 1, 4, 'c'			},
-    { DEVICE_TYPE_DISK, 	"da%d",		"SCSI disk device",	4, 65538, 8, 16, 'b'			},
-    { DEVICE_TYPE_DISK, 	"rda%d",	"SCSI disk device",	13, 65538, 8, 16, 'c'			},
-    { DEVICE_TYPE_DISK, 	"ad%d",		"ATA/IDE disk device",	30, 65538, 8, 16, 'b'	},
-    { DEVICE_TYPE_DISK, 	"rad%d",	"ATA/IDE disk device",	116, 65538, 8, 16, 'c'	},
-    { DEVICE_TYPE_DISK, 	"fla%d",	"M-Systems DiskOnChip Flash device", 28, 65538, 8, 16, 'b'	},
-    { DEVICE_TYPE_DISK, 	"rfla%d",	"M-Systems DiskOnChip Flash devicee",	102, 65538, 8, 16, 'c'	},
-    { DEVICE_TYPE_DISK, 	"afd%d",	"ATAPI/IDE floppy device",	32, 65538, 8, 4, 'b'		},
-    { DEVICE_TYPE_DISK, 	"rafd%d",	"ATAPI/IDE floppy device",	118, 65538, 8, 4, 'c'		},
-    { DEVICE_TYPE_DISK, 	"mlxd%d",	"Mylex RAID disk",	27, 65538, 8, 4, 'b'			},
-    { DEVICE_TYPE_DISK, 	"rmlxd%d",	"Mylex RAID disk",	131, 65538, 8, 4, 'c'			},
-    { DEVICE_TYPE_DISK, 	"amrd%d",	"AMI MegaRAID drive",	35, 65538, 8, 4, 'b'			},
-    { DEVICE_TYPE_DISK, 	"ramrd%d",	"AMI MegaRAID drive",	133, 65538, 8, 4, 'c'			},
-    { DEVICE_TYPE_DISK, 	"idad%d",	"Compaq RAID array",	29, 65538, 8, 4, 'b'			},
-    { DEVICE_TYPE_DISK, 	"ridad%d",	"Compaq RAID array",	109, 65538, 8, 4, 'c'			},
-    { DEVICE_TYPE_DISK, 	"rtwed%d",	"3ware ATA RAID array",	147, 65538, 8, 4, 'c'			},
-    { DEVICE_TYPE_FLOPPY,	"fd%d",		"floppy drive unit A",	2, 0, 64, 4, 'b'			},
-    { DEVICE_TYPE_FLOPPY,	"worm%d",	"SCSI optical disk / CDR",	23, 0, 1, 4, 'b'		},
+    { DEVICE_TYPE_CDROM,	"acd%dc",	"ATAPI/IDE CDROM",	117, 2, 8, 4				},
+    { DEVICE_TYPE_TAPE, 	"rsa%d",	"SCSI tape drive",	14, 0, 16, 4				},
+    { DEVICE_TYPE_TAPE, 	"rwt%d",	"Wangtek tape drive",	10, 0, 1, 4				},
+    { DEVICE_TYPE_DISK, 	"da%d",		"SCSI disk device",	13, 65538, 8, 16			},
+    { DEVICE_TYPE_DISK, 	"ad%d",		"ATA/IDE disk device",	116, 65538, 8, 16			},
+    { DEVICE_TYPE_DISK, 	"fla%d",	"M-Systems DiskOnChip Flash devicee",	102, 65538, 8, 16	},
+    { DEVICE_TYPE_DISK, 	"afd%d",	"ATAPI/IDE floppy device",	118, 65538, 8, 4		},
+    { DEVICE_TYPE_DISK, 	"mlxd%d",	"Mylex RAID disk",	131, 65538, 8, 4			},
+    { DEVICE_TYPE_DISK, 	"amrd%d",	"AMI MegaRAID drive",	133, 65538, 8, 4			},
+    { DEVICE_TYPE_DISK, 	"idad%d",	"Compaq RAID array",	109, 65538, 8, 4			},
+    { DEVICE_TYPE_DISK, 	"twed%d",	"3ware ATA RAID array",	147, 65538, 8, 4			},
+    { DEVICE_TYPE_DISK, 	"aacd%d",	"Adaptec FSA RAID array", 151, 65538, 8, 4			},
+    { DEVICE_TYPE_FLOPPY,	"fd%d",		"floppy drive unit A",	9, 0, 64, 4				},
     { DEVICE_TYPE_NETWORK,	"aue",		"ADMtek USB ethernet adapter"					},
     { DEVICE_TYPE_NETWORK,	"cue",		"CATC USB ethernet adapter"					},
     { DEVICE_TYPE_NETWORK,	"fpa",		"DEC DEFPA PCI FDDI card"					},
@@ -104,31 +96,32 @@ static struct _devname {
     { DEVICE_TYPE_NETWORK,	"fe",		"Fujitsu MB86960A/MB86965A ethernet card"			},
     { DEVICE_TYPE_NETWORK,	"ie",		"AT&T StarLAN 10 and EN100; 3Com 3C507; NI5210"			},
     { DEVICE_TYPE_NETWORK,	"ix",		"Intel Etherexpress ethernet card"				},
-    { DEVICE_TYPE_NETWORK,	"kue",		"Kawasaki LSI USB ethernet adapter"					},
+    { DEVICE_TYPE_NETWORK,	"kue",		"Kawasaki LSI USB ethernet adapter"				},
     { DEVICE_TYPE_NETWORK,	"le",		"DEC EtherWorks 2 or 3 ethernet card"				},
     { DEVICE_TYPE_NETWORK,	"lnc",		"Lance/PCnet (Isolan/Novell NE2100/NE32-VL) ethernet"		},
-    { DEVICE_TYPE_NETWORK,	"rl",		"RealTek 8129/8139 PCI ethernet card"		},
-    { DEVICE_TYPE_NETWORK,	"sf",		"Adaptec AIC-6915 PCI ethernet card"		},
-    { DEVICE_TYPE_NETWORK,	"sis",		"SiS 900/SiS 7016 PCI ethernet card"		},
-    { DEVICE_TYPE_NETWORK,	"sn",		"SMC/Megahertz ethernet card"			},
-    { DEVICE_TYPE_NETWORK,	"ste",		"Sundance ST201 PCI ethernet card"		},
-    { DEVICE_TYPE_NETWORK,	"sk",		"SysKonnect PCI gigabit ethernet card"		},
+    { DEVICE_TYPE_NETWORK,	"pcn",		"AMD Am79c79x PCI ethernet card"				},
+    { DEVICE_TYPE_NETWORK,	"rl",		"RealTek 8129/8139 PCI ethernet card"				},
+    { DEVICE_TYPE_NETWORK,	"sf",		"Adaptec AIC-6915 PCI ethernet card"				},
+    { DEVICE_TYPE_NETWORK,	"sis",		"SiS 900/SiS 7016 PCI ethernet card"				},
+    { DEVICE_TYPE_NETWORK,	"sn",		"SMC/Megahertz ethernet card"					},
+    { DEVICE_TYPE_NETWORK,	"ste",		"Sundance ST201 PCI ethernet card"				},
+    { DEVICE_TYPE_NETWORK,	"sk",		"SysKonnect PCI gigabit ethernet card"				},
     { DEVICE_TYPE_NETWORK,	"tx",		"SMC 9432TX ethernet card"					},
-    { DEVICE_TYPE_NETWORK,	"ti",		"Alteon Networks PCI gigabit ethernet card"		},
+    { DEVICE_TYPE_NETWORK,	"ti",		"Alteon Networks PCI gigabit ethernet card"			},
     { DEVICE_TYPE_NETWORK,	"tl",		"Texas Instruments ThunderLAN PCI ethernet card"		},
-    { DEVICE_TYPE_NETWORK,	"vr",		"VIA VT3043/VT86C100A Rhine PCI ethernet card"				},
+    { DEVICE_TYPE_NETWORK,	"vr",		"VIA VT3043/VT86C100A Rhine PCI ethernet card"			},
     { DEVICE_TYPE_NETWORK,	"vx",		"3COM 3c590 / 3c595 ethernet card"				},
     { DEVICE_TYPE_NETWORK,	"wb",		"Winbond W89C840F PCI ethernet card"				},
     { DEVICE_TYPE_NETWORK,	"xe",		"Xircom/Intel EtherExpress Pro100/16 ethernet card"		},
     { DEVICE_TYPE_NETWORK,	"xl",		"3COM 3c90x / 3c90xB PCI ethernet card"				},
-    { DEVICE_TYPE_NETWORK,	"cuaa%d",	"%s on device %s (COM%d)",	28, 128, 1, 16, 'c'		},
+    { DEVICE_TYPE_NETWORK,	"cuaa%d",	"%s on device %s (COM%d)",	28, 128, 1, 16			},
     { DEVICE_TYPE_NETWORK,	"lp",		"Parallel Port IP (PLIP) peer connection"			},
     { DEVICE_TYPE_NETWORK,	"lo",		"Loop-back (local) network interface"				},
 #ifdef PC98
-    { DEVICE_TYPE_DISK, 	"wd%d",		"IDE disk device",		3, 65538, 8, 16, 'c'	},
-    { DEVICE_TYPE_CDROM,	"wcd%dc",	"ATAPI IDE CDROM",		69, 2, 8, 4, 'c'	},
-    { DEVICE_TYPE_FLOPPY,	"wfd%d",	"ATAPI floppy drive unit A",	87, 0, 8, 4, 'c'	},
-    { DEVICE_TYPE_DISK, 	"wfd%d",	"ATAPI floppy device",		87, 65538, 8, 4, 'c'	},
+    { DEVICE_TYPE_DISK, 	"wd%d",		"IDE disk device",		3, 65538, 8, 16			},
+    { DEVICE_TYPE_CDROM,	"wcd%dc",	"ATAPI IDE CDROM",		69, 2, 8, 4			},
+    { DEVICE_TYPE_FLOPPY,	"wfd%d",	"ATAPI floppy drive unit A",	87, 0, 8, 4			},
+    { DEVICE_TYPE_DISK, 	"wfd%d",	"ATAPI floppy device",		87, 65538, 8, 4			},
 #endif
     { 0 },
 };
@@ -183,11 +176,7 @@ deviceTry(struct _devname dev, char *try, int i)
 	    msgDebug("deviceTry: open of %s succeeded on first try.\n", try);
 	return fd;
     }
-    m = 0640;
-    if (dev.dev_type == 'c')
-	m |= S_IFCHR;
-    else
-	m |= S_IFBLK;
+    m = 0640 | S_IFCHR;
     d = makedev(dev.major, dev.minor + (i * dev.delta));
     if (isDebug())
 	msgDebug("deviceTry: Making %s device for %s [%d, %d]\n", m & S_IFCHR ? "raw" : "block", try, dev.major, dev.minor + (i * dev.delta));
@@ -377,11 +366,7 @@ skipif:
 			snprintf(slice, sizeof slice, "/dev/%ss%d", unit, s);
 			d = makedev(device_names[i].major, device_names[i].minor +
 				    (j * device_names[i].delta) + (s * SLICE_DELTA));
-			m = 0640;
-			if (device_names[i].dev_type == 'c')
-			    m |= S_IFCHR;
-			else
-			    m |= S_IFBLK;
+			m = 0640 | S_IFCHR;
 			fail = mknod(slice, m, d);
 			fd = open(slice, O_RDONLY);
 			if (fd >= 0)
diff --git a/release/sysinstall/dispatch.c b/release/sysinstall/dispatch.c
index 0b388b4873cd..cd64bf059369 100644
--- a/release/sysinstall/dispatch.c
+++ b/release/sysinstall/dispatch.c
@@ -73,7 +73,6 @@ static struct _word {
     { "distSetXUser",		distSetXUser		},
     { "distSetMinimum",		distSetMinimum		},
     { "distSetEverything",	distSetEverything	},
-    { "distSetCRYPTO",		distSetCRYPTO		},
     { "distSetSrc",		distSetSrc		},
     { "distSetXF86",		distSetXF86		},
     { "distExtractAll",		distExtractAll		},
diff --git a/release/sysinstall/dist.c b/release/sysinstall/dist.c
index 61974c8d06a0..e70f446fde48 100644
--- a/release/sysinstall/dist.c
+++ b/release/sysinstall/dist.c
@@ -197,7 +197,6 @@ static Distribution XF86FontDistTable[] = {
 { NULL },
 };
 
-static int	distMaybeSetCRYPTO(dialogMenuItem *self);
 static int	distMaybeSetPorts(dialogMenuItem *self);
 
 static void
@@ -211,7 +210,7 @@ distVerifyFlags(void)
 	Dists |= DIST_CRYPTO;
     }
     else if ((Dists & DIST_CRYPTO) && !CRYPTODists)
-	CRYPTODists |= DIST_CRYPTO_CRYPTO;
+	CRYPTODists |= DIST_CRYPTO_ALL;
     if (XF86Dists & DIST_XF86_SET)
 	XF86ServerDists |= DIST_XF86_SERVER_VGA16;
     if (XF86ServerDists)
@@ -291,7 +290,9 @@ distSetDeveloper(dialogMenuItem *self)
     distReset(NULL);
     Dists = _DIST_DEVELOPER;
     SrcDists = DIST_SRC_ALL;
-    i = distMaybeSetCRYPTO(self) | distMaybeSetPorts(self);
+    CRYPTODists |= (DIST_CRYPTO_SCRYPTO | DIST_CRYPTO_SSECURE |
+	DIST_CRYPTO_SKERBEROS4 | DIST_CRYPTO_SKERBEROS5);
+    i = distMaybeSetPorts(self);
     distVerifyFlags();
     return i;
 }
@@ -315,7 +316,7 @@ distSetKernDeveloper(dialogMenuItem *self)
     distReset(NULL);
     Dists = _DIST_DEVELOPER;
     SrcDists = DIST_SRC_SYS;
-    i = distMaybeSetCRYPTO(self) | distMaybeSetPorts(self);
+    i = distMaybeSetPorts(self);
     distVerifyFlags();
     return i;
 }
@@ -338,7 +339,7 @@ distSetUser(dialogMenuItem *self)
 
     distReset(NULL);
     Dists = _DIST_USER;
-    i = distMaybeSetCRYPTO(self) | distMaybeSetPorts(self);
+    i = distMaybeSetPorts(self);
     distVerifyFlags();
     return i;
 }
@@ -369,50 +370,15 @@ distSetEverything(dialogMenuItem *self)
 
     Dists = DIST_ALL | DIST_XF86;
     SrcDists = DIST_SRC_ALL;
+    CRYPTODists = DIST_CRYPTO_ALL;
     XF86Dists = DIST_XF86_ALL;
     XF86ServerDists = DIST_XF86_SERVER_ALL;
     XF86FontDists = DIST_XF86_FONTS_ALL;
-    i = distMaybeSetCRYPTO(self) | distMaybeSetPorts(self);
+    i = distMaybeSetPorts(self);
     distVerifyFlags();
     return i;
 }
 
-int
-distSetCRYPTO(dialogMenuItem *self)
-{
-    int i;
-
-    dialog_clear_norefresh();
-    if (!dmenuOpenSimple(&MenuCRYPTODistributions, FALSE))
-	i = DITEM_FAILURE;
-    else
-	i = DITEM_SUCCESS;
-    distVerifyFlags();
-    return i | DITEM_REDRAW | DITEM_RESTORE;
-}
-
-static int
-distMaybeSetCRYPTO(dialogMenuItem *self)
-{
-    int i = DITEM_SUCCESS | DITEM_REDRAW;
-
-    dialog_clear_norefresh();
-    if (!msgYesNo("Do you wish to install cryptographic software?\n\n"
-		  "If you choose No, FreeBSD will use an MD5-based password scheme which,\n"
-		  "while more secure, is not interoperable with the traditional\n"
-		  "DES-based passwords used on other Unix systems.\n\n"
-		  "Note that the international crypto distribution has a better\n"
-		  "implementation of the RSA algorithm, which is patented in the U.S.\n"
-		  "If you are in the USA, use crypto + the rsaref port/package\n.")) {
-	if (!dmenuOpenSimple(&MenuCRYPTODistributions, FALSE))
-	    i = DITEM_FAILURE;
-    }
-
-    dialog_clear_norefresh();
-    distVerifyFlags();
-    return i | DITEM_REDRAW | DITEM_RESTORE;
-}
-
 static int
 distMaybeSetPorts(dialogMenuItem *self)
 {
diff --git a/release/sysinstall/install.c b/release/sysinstall/install.c
index 67399ca3f46d..14232c75289a 100644
--- a/release/sysinstall/install.c
+++ b/release/sysinstall/install.c
@@ -472,6 +472,9 @@ installExpress(dialogMenuItem *self)
 
     if (DITEM_STATUS((i = installCommit(self))) == DITEM_SUCCESS) {
 	i |= DITEM_LEAVE_MENU;
+	/* Set default security level */
+	configSecurityModerate(NULL);
+
 	/* Give user the option of one last configuration spree */
 	installConfigure();
     }
@@ -560,10 +563,12 @@ nodisks:
 		 "between interfaces)?"))
 	variable_set2("gateway_enable", "YES", 1);
 
+    dialog_clear_norefresh();
     if (msgYesNo("Do you want to grant only normal users FTP access to this\n"
 	         "host (e.g. no anonymous FTP connections)?"))
 	configAnonFTP(self);
 
+    dialog_clear_norefresh();
     if (!msgYesNo("Do you want to configure this machine as an NFS server?"))
 	configNFSServer(self);
 
@@ -571,6 +576,13 @@ nodisks:
     if (!msgYesNo("Do you want to configure this machine as an NFS client?"))
 	variable_set2("nfs_client_enable", "YES", 1);
 
+    if (msgYesNo("Do you want to select a default security profile for\n"
+	         "this host (\"medium\" security being the default)?"))
+	configSecurityProfile(self);
+    else
+	configSecurityModerate(self);
+
+    dialog_clear_norefresh();
     if (!msgYesNo("Would you like to customize your system console settings?"))
 	dmenuOpenSimple(&MenuSyscons, FALSE);
 
@@ -632,6 +644,9 @@ installCustomCommit(dialogMenuItem *self)
 
     i = installCommit(self);
     if (DITEM_STATUS(i) == DITEM_SUCCESS) {
+	/* Set default security level */
+	configSecurityModerate(NULL);
+
 	/* Give user the option of one last configuration spree */
 	installConfigure();
 	return i;
diff --git a/release/sysinstall/installUpgrade.c b/release/sysinstall/installUpgrade.c
index 1c70020ee811..f82bfb7c0db6 100644
--- a/release/sysinstall/installUpgrade.c
+++ b/release/sysinstall/installUpgrade.c
@@ -78,7 +78,6 @@ static HitList etc_files [] = {
    { JUST_COPY,		"gettytab",		TRUE, NULL },
    { JUST_COPY,		"gnats",		TRUE, NULL },
    { JUST_COPY,		"group",		FALSE, NULL },
-   { JUST_COPY,		"host.conf",		TRUE, NULL },
    { JUST_COPY,		"hosts",		TRUE, NULL },
    { JUST_COPY,		"hosts.equiv",		TRUE, NULL },
    { JUST_COPY,		"hosts.lpd",		TRUE, NULL },
@@ -96,6 +95,7 @@ static HitList etc_files [] = {
    { JUST_COPY,		"namedb",		TRUE, NULL },
    { JUST_COPY,		"networks",		TRUE, NULL },
    { JUST_COPY,		"newsyslog.conf",	TRUE, NULL },
+   { JUST_COPY,		"nsswitch.conf",	TRUE, NULL },
    { JUST_COPY,		"pam.conf",		TRUE, NULL },
    { JUST_COPY,		"passwd",		TRUE, NULL },
    { JUST_COPY,		"periodic",		TRUE, NULL },
diff --git a/release/sysinstall/menus.c b/release/sysinstall/menus.c
index eee9959915a0..053819dfad68 100644
--- a/release/sysinstall/menus.c
+++ b/release/sysinstall/menus.c
@@ -42,6 +42,8 @@ setSrc(dialogMenuItem *self)
 {
     Dists |= DIST_SRC;
     SrcDists = DIST_SRC_ALL;
+    CRYPTODists |= (DIST_CRYPTO_SCRYPTO | DIST_CRYPTO_SSECURE |
+	DIST_CRYPTO_SKERBEROS4 | DIST_CRYPTO_SKERBEROS5);
     return DITEM_SUCCESS | DITEM_REDRAW;
 }
 
@@ -50,22 +52,8 @@ clearSrc(dialogMenuItem *self)
 {
     Dists &= ~DIST_SRC;
     SrcDists = 0;
-    return DITEM_SUCCESS | DITEM_REDRAW;
-}
-
-static int
-setCRYPTO(dialogMenuItem *self)
-{
-    Dists |= DIST_CRYPTO;
-    CRYPTODists = DIST_CRYPTO_ALL;
-    return DITEM_SUCCESS | DITEM_REDRAW;
-}
-
-static int
-clearCRYPTO(dialogMenuItem *self)
-{
-    Dists &= ~DIST_CRYPTO;
-    CRYPTODists = 0;
+    CRYPTODists &= ~(DIST_CRYPTO_SCRYPTO | DIST_CRYPTO_SSECURE |
+	DIST_CRYPTO_SKERBEROS4 | DIST_CRYPTO_SKERBEROS5);
     return DITEM_SUCCESS | DITEM_REDRAW;
 }
 
@@ -121,10 +109,10 @@ clearX11Fonts(dialogMenuItem *self)
 #define _IS_SET(dist, set) (((dist) & (set)) == (set))
 
 #define IS_DEVELOPER(dist, extra) (_IS_SET(dist, _DIST_DEVELOPER | extra) || \
-	_IS_SET(dist, _DIST_DEVELOPER | DIST_CRYPTO | extra))
+	_IS_SET(dist, _DIST_DEVELOPER | extra))
 
 #define IS_USER(dist, extra) (_IS_SET(dist, _DIST_USER | extra) || \
-	_IS_SET(dist, _DIST_USER | DIST_CRYPTO | extra))
+	_IS_SET(dist, _DIST_USER | extra))
 
 static int
 checkDistDeveloper(dialogMenuItem *self)
@@ -171,19 +159,14 @@ checkDistMinimum(dialogMenuItem *self)
 static int
 checkDistEverything(dialogMenuItem *self)
 {
-    return Dists == DIST_ALL && _IS_SET(SrcDists, DIST_SRC_ALL) && \
+    return Dists == DIST_ALL && CRYPTODists == DIST_CRYPTO_ALL && \
+	_IS_SET(SrcDists, DIST_SRC_ALL) && \
 	_IS_SET(XF86Dists, DIST_XF86_ALL) && \
 	_IS_SET(XF86ServerDists, DIST_XF86_SERVER_ALL) && \
 	_IS_SET(XF86FontDists, DIST_XF86_FONTS_ALL);
 }
 
 static int
-CRYPTOFlagCheck(dialogMenuItem *item)
-{
-    return CRYPTODists;
-}
-
-static int
 srcFlagCheck(dialogMenuItem *item)
 {
     return SrcDists;
@@ -225,7 +208,6 @@ DMenu MenuIndex = {
       { " Disklabel",		"The disk Label editor",		NULL, diskLabelEditor },
       { " Dists, All",		"Root of the distribution tree.",	NULL, dmenuSubmenu, NULL, &MenuDistributions },
       { " Dists, Basic",		"Basic FreeBSD distribution menu.",	NULL, dmenuSubmenu, NULL, &MenuSubDistributions },
-      { " Dists, CRYPTO",	"Encryption distribution menu.",		NULL, dmenuSubmenu, NULL, &MenuCRYPTODistributions },
       { " Dists, Developer",	"Select developer's distribution.",	checkDistDeveloper, distSetDeveloper },
       { " Dists, Src",		"Src distribution menu.",		NULL, dmenuSubmenu, NULL, &MenuSrcDistributions },
       { " Dists, X Developer",	"Select X developer's distribution.",	checkDistXDeveloper, distSetXDeveloper },
@@ -275,6 +257,7 @@ DMenu MenuIndex = {
       { " PCNFSD",		"Run authentication server for PC-NFS.", dmenuVarCheck, configPCNFSD, NULL, "pcnfsd" },
       { " Root Password",	"Set the system manager's password.",   NULL, dmenuSystemCommand, NULL, "passwd root" },
       { " Router",		"Select routing daemon (default: routed)", NULL, configRouter, NULL, "router_enable" },
+      { " Security",		"Select a default system security profile.", NULL, dmenuSubmenu, NULL, &MenuSecurityProfile },
       { " Syscons",		"The system console configuration menu.", NULL, dmenuSubmenu, NULL, &MenuSyscons },
       { " Syscons, Font",	"The console screen font.",	  NULL, dmenuSubmenu, NULL, &MenuSysconsFont },
       { " Syscons, Keymap",	"The console keymap configuration menu.", NULL, dmenuSubmenu, NULL, &MenuSysconsKeymap },
@@ -425,70 +408,6 @@ DMenu MenuMouse = {
       { NULL } },
 };
 
-DMenu MenuXF86Config = {
-    DMENU_NORMAL_TYPE | DMENU_SELECTION_RETURNS,
-    "Please select the XFree86 configuration tool you want to use.",
-#ifdef __alpha__
-    "Due to problems with the VGA16 server right now, only the\n"
-    "text-mode configuration tool (xf86config) is currently supported.",
-#else
-    "The first tool, XF86Setup, is fully graphical and requires the\n"
-    "VGA16 server in order to work (should have been selected by\n"
-    "default, but if you de-selected it then you won't be able to\n"
-    "use this fancy setup tool).  The second tool, xf86config, is\n"
-    "a more simplistic shell-script based tool and less friendly to\n"
-    "new users, but it may work in situations where the fancier one\n"
-    "does not.",
-#endif
-    NULL,
-    NULL,
-    { { "X Exit", "Exit this menu (returning to previous)",
-	NULL, dmenuExit },
-#ifdef __alpha__
-      { "2 xf86config",	"Shell-script based XFree86 configuration tool.",
-	NULL, dmenuSetVariable, NULL, VAR_XF86_CONFIG "=xf86config" },
-#else
-      { "2 XF86Setup",	"Fully graphical XFree86 configuration tool.",
-	NULL, dmenuSetVariable, NULL, VAR_XF86_CONFIG "=XF86Setup" },
-      { "3 xf86config",	"Shell-script based XFree86 configuration tool.",
-	NULL, dmenuSetVariable, NULL, VAR_XF86_CONFIG "=xf86config" },
-      { "4 XF98Setup",	"Fully graphical XFree86 configuration tool (PC98).",
-	NULL, dmenuSetVariable, NULL, VAR_XF86_CONFIG "=XF98Setup" },
-#endif
-      { "D XDesktop",	"X already set up, just do desktop configuration.",
-	NULL, dmenuSubmenu, NULL, &MenuXDesktops },
-      { NULL } },
-};
-
-DMenu MenuXDesktops = {
-    DMENU_NORMAL_TYPE | DMENU_SELECTION_RETURNS,
-    "Please select the default X desktop to use.",
-    "By default, XFree86 comes with a fairly vanilla desktop which\n"
-    "is based around the twm(1) window manager and does not offer\n"
-    "much in the way of features.  It does have the advantage of\n"
-    "being a standard part of X so you don't need to load anything\n"
-    "extra in order to use it.  If, however, you have access to a\n"
-    "reasonably full packages collection on your installation media,\n"
-    "you can choose any one of the following desktops as alternatives.",
-    NULL,
-    NULL,
-    { { "X Exit", "Exit this menu (returning to previous)",
-	NULL, dmenuExit },
-      { "2 KDE",		"The K Desktop Environment.",
-	NULL, dmenuSetVariable, NULL, VAR_DESKSTYLE "=kde" },
-      { "3 GNOME + Afterstep",	"GNOME + Afterstep window manager.",
-	NULL, dmenuSetVariable, NULL, VAR_DESKSTYLE "=gnome" },
-      { "4 GNOME + Enlightenment","GNOME + The E window manager",
-	NULL, dmenuSetVariable, NULL, VAR_DESKSTYLE "=enlightenment" },
-      { "5 Afterstep",	"The Afterstep window manager",
-	NULL, dmenuSetVariable, NULL, VAR_DESKSTYLE "=afterstep" },
-      { "6 Windowmaker",	"The Windowmaker window manager",
-	NULL, dmenuSetVariable, NULL, VAR_DESKSTYLE "=windowmaker" },
-      { "7 fvwm2",		"The fvwm2 window manager",
-	NULL, dmenuSetVariable, NULL, VAR_DESKSTYLE "=fvwm2" },
-      { NULL } },
-};
-
 DMenu MenuMediaCDROM = {
     DMENU_NORMAL_TYPE | DMENU_SELECTION_RETURNS,
     "Choose a CDROM type",
@@ -648,6 +567,8 @@ DMenu MenuMediaFTP = {
 	VAR_FTP_PATH "=ftp://ftp4.kr.freebsd.org" },
       { " Korea #5",	"ftp5.kr.freebsd.org", NULL, dmenuSetVariable, NULL,
 	VAR_FTP_PATH "=ftp://ftp5.kr.freebsd.org" },
+      { "Lithuania",	"ftp.lt.freebsd.org", NULL, dmenuSetVariable, NULL,
+	VAR_FTP_PATH "=ftp://ftp.lt.freebsd.org" },
       { "New Zealand",	"ftp.nz.freebsd.org", NULL, dmenuSetVariable, NULL,
 	VAR_FTP_PATH "=ftp://ftp.nz.freebsd.org" },
       { "Norway",	"ftp.no.freebsd.org", NULL, dmenuSetVariable, NULL,
@@ -844,8 +765,17 @@ DMenu MenuSubDistributions = {
 	dmenuFlagCheck,	dmenuSetFlag, NULL, &Dists, '[', 'X', ']', DIST_COMPAT3X },
 #endif
 #endif
-      { " CRYPTO",	"Encryption code - NOT FOR EXPORT!",
-	CRYPTOFlagCheck,distSetCRYPTO },
+      { " crypto",	"Basic encryption services",
+	dmenuFlagCheck,	dmenuSetFlag, NULL, &CRYPTODists, '[', 'X', ']', DIST_CRYPTO_CRYPTO, },
+#if __FreeBSD__ <= 3
+      { " krb",		"KerberosIV authentication services",
+	dmenuFlagCheck,	dmenuSetFlag, NULL, &CRYPTODists, '[', 'X', ']', DIST_CRYPTO_KERBEROS },
+#else
+      { " krb4",	"KerberosIV authentication services",
+	dmenuFlagCheck,	dmenuSetFlag, NULL, &CRYPTODists, '[', 'X', ']', DIST_CRYPTO_KERBEROS4 },
+      { " krb5",	"Kerberos5 authentication services",
+	dmenuFlagCheck,	dmenuSetFlag, NULL, &CRYPTODists, '[', 'X', ']', DIST_CRYPTO_KERBEROS5 },
+#endif
       { " dict",	"Spelling checker dictionary files",
 	dmenuFlagCheck,	dmenuSetFlag, NULL, &Dists, '[', 'X', ']', DIST_DICT },
       { " doc",		"Miscellaneous FreeBSD online docs",
@@ -871,43 +801,6 @@ DMenu MenuSubDistributions = {
       { NULL } },
 };
 
-DMenu MenuCRYPTODistributions = {
-    DMENU_CHECKLIST_TYPE | DMENU_SELECTION_RETURNS,
-    "Select the encryption facilities you wish to install.",
-    "Please check off any special encryption distributions\n"
-    "you would like to install.  Please note that these services are NOT FOR\n"
-    "EXPORT from the United States.  For information on non-U.S. FTP\n"
-    "distributions of this software, please consult the release notes.",
-    NULL,
-    NULL,
-    { { "X Exit", "Exit this menu (returning to previous)",
-	checkTrue, dmenuExit, NULL, NULL, '<', '<', '<' },
-      { "All",		"Select all of the below",
-	NULL,		setCRYPTO, NULL, NULL, ' ', ' ', ' ' },
-      { "Reset",	"Reset all of the below",
-	NULL,		clearCRYPTO, NULL, NULL, ' ', ' ', ' ' },
-      { " crypto",	"Basic encryption services",
-	dmenuFlagCheck,	dmenuSetFlag, NULL, &CRYPTODists, '[', 'X', ']', DIST_CRYPTO_CRYPTO, },
-#if __FreeBSD__ <= 3
-      { " krb",		"KerberosIV authentication services",
-	dmenuFlagCheck,	dmenuSetFlag, NULL, &CRYPTODists, '[', 'X', ']', DIST_CRYPTO_KERBEROS },
-#else
-      { " krb4",	"KerberosIV authentication services",
-	dmenuFlagCheck,	dmenuSetFlag, NULL, &CRYPTODists, '[', 'X', ']', DIST_CRYPTO_KERBEROS4 },
-      { " krb5",	"Kerberos5 authentication services",
-	dmenuFlagCheck,	dmenuSetFlag, NULL, &CRYPTODists, '[', 'X', ']', DIST_CRYPTO_KERBEROS5 },
-#endif
-      { " skrb4",	"Sources for KerberosIV",
-	dmenuFlagCheck,	dmenuSetFlag, NULL, &CRYPTODists, '[', 'X', ']', DIST_CRYPTO_SKERBEROS4 },
-      { " skrb5",	"Sources for Kerberos5",
-	dmenuFlagCheck,	dmenuSetFlag, NULL, &CRYPTODists, '[', 'X', ']', DIST_CRYPTO_SKERBEROS5 },
-      { " ssecure",	"BSD encryption sources",
-	dmenuFlagCheck,	dmenuSetFlag, NULL, &CRYPTODists, '[', 'X', ']', DIST_CRYPTO_SSECURE },
-      { " scrypto",	"Contributed encryption sources",
-	dmenuFlagCheck,	dmenuSetFlag, NULL, &CRYPTODists, '[', 'X', ']', DIST_CRYPTO_SCRYPTO },
-      { NULL } },
-};
-
 DMenu MenuSrcDistributions = {
     DMENU_CHECKLIST_TYPE | DMENU_SELECTION_RETURNS,
     "Select the sub-components of src you wish to install.",
@@ -943,8 +836,16 @@ DMenu MenuSrcDistributions = {
 	dmenuFlagCheck,	dmenuSetFlag, NULL, &SrcDists, '[', 'X', ']', DIST_SRC_BIN },
       { " sbin",	"/usr/src/sbin (system binaries)",
 	dmenuFlagCheck,	dmenuSetFlag, NULL, &SrcDists, '[', 'X', ']', DIST_SRC_SBIN },
+      { " scrypto",	"/usr/src/crypto (contrib encryption sources)",
+	dmenuFlagCheck,	dmenuSetFlag, NULL, &CRYPTODists, '[', 'X', ']', DIST_CRYPTO_SCRYPTO },
       { " share",	"/usr/src/share (documents and shared files)",
 	dmenuFlagCheck,	dmenuSetFlag, NULL, &SrcDists, '[', 'X', ']', DIST_SRC_SHARE },
+      { " skrb4",	"/usr/src/kerberosIV (sources for KerberosIV)",
+	dmenuFlagCheck,	dmenuSetFlag, NULL, &CRYPTODists, '[', 'X', ']', DIST_CRYPTO_SKERBEROS4 },
+      { " skrb5",	"/usr/src/kerberos5 (sources for Kerberos5)",
+	dmenuFlagCheck,	dmenuSetFlag, NULL, &CRYPTODists, '[', 'X', ']', DIST_CRYPTO_SKERBEROS5 },
+      { " ssecure",	"/usr/src/secure (BSD encryption sources)",
+	dmenuFlagCheck,	dmenuSetFlag, NULL, &CRYPTODists, '[', 'X', ']', DIST_CRYPTO_SSECURE },
       { " sys",		"/usr/src/sys (FreeBSD kernel)",
 	dmenuFlagCheck,	dmenuSetFlag, NULL, &SrcDists, '[', 'X', ']', DIST_SRC_SYS },
       { " tools",	"/usr/src/tools (miscellaneous tools)",
@@ -956,6 +857,70 @@ DMenu MenuSrcDistributions = {
       { NULL } },
 };
 
+DMenu MenuXF86Config = {
+    DMENU_NORMAL_TYPE | DMENU_SELECTION_RETURNS,
+    "Please select the XFree86 configuration tool you want to use.",
+#ifdef __alpha__
+    "Due to problems with the VGA16 server right now, only the\n"
+    "text-mode configuration tool (xf86config) is currently supported.",
+#else
+    "The first tool, XF86Setup, is fully graphical and requires the\n"
+    "VGA16 server in order to work (should have been selected by\n"
+    "default, but if you de-selected it then you won't be able to\n"
+    "use this fancy setup tool).  The second tool, xf86config, is\n"
+    "a more simplistic shell-script based tool and less friendly to\n"
+    "new users, but it may work in situations where the fancier one\n"
+    "does not.",
+#endif
+    NULL,
+    NULL,
+    { { "X Exit", "Exit this menu (returning to previous)",
+	NULL, dmenuExit },
+#ifdef __alpha__
+      { "2 xf86config",	"Shell-script based XFree86 configuration tool.",
+	NULL, dmenuSetVariable, NULL, VAR_XF86_CONFIG "=xf86config" },
+#else
+      { "2 XF86Setup",	"Fully graphical XFree86 configuration tool.",
+	NULL, dmenuSetVariable, NULL, VAR_XF86_CONFIG "=XF86Setup" },
+      { "3 xf86config",	"Shell-script based XFree86 configuration tool.",
+	NULL, dmenuSetVariable, NULL, VAR_XF86_CONFIG "=xf86config" },
+      { "4 XF98Setup",	"Fully graphical XFree86 configuration tool (PC98).",
+	NULL, dmenuSetVariable, NULL, VAR_XF86_CONFIG "=XF98Setup" },
+#endif
+      { "D XDesktop",	"X already set up, just do desktop configuration.",
+	NULL, dmenuSubmenu, NULL, &MenuXDesktops },
+      { NULL } },
+};
+
+DMenu MenuXDesktops = {
+    DMENU_NORMAL_TYPE | DMENU_SELECTION_RETURNS,
+    "Please select the default X desktop to use.",
+    "By default, XFree86 comes with a fairly vanilla desktop which\n"
+    "is based around the twm(1) window manager and does not offer\n"
+    "much in the way of features.  It does have the advantage of\n"
+    "being a standard part of X so you don't need to load anything\n"
+    "extra in order to use it.  If, however, you have access to a\n"
+    "reasonably full packages collection on your installation media,\n"
+    "you can choose any one of the following desktops as alternatives.",
+    NULL,
+    NULL,
+    { { "X Exit", "Exit this menu (returning to previous)",
+	NULL, dmenuExit },
+      { "2 KDE",		"The K Desktop Environment.",
+	NULL, dmenuSetVariable, NULL, VAR_DESKSTYLE "=kde" },
+      { "3 GNOME + Afterstep",	"GNOME + Afterstep window manager.",
+	NULL, dmenuSetVariable, NULL, VAR_DESKSTYLE "=gnome" },
+      { "4 GNOME + Enlightenment","GNOME + The E window manager",
+	NULL, dmenuSetVariable, NULL, VAR_DESKSTYLE "=enlightenment" },
+      { "5 Afterstep",	"The Afterstep window manager",
+	NULL, dmenuSetVariable, NULL, VAR_DESKSTYLE "=afterstep" },
+      { "6 Windowmaker",	"The Windowmaker window manager",
+	NULL, dmenuSetVariable, NULL, VAR_DESKSTYLE "=windowmaker" },
+      { "7 fvwm2",		"The fvwm2 window manager",
+	NULL, dmenuSetVariable, NULL, VAR_DESKSTYLE "=fvwm2" },
+      { NULL } },
+};
+
 DMenu MenuXF86Select = {
     DMENU_NORMAL_TYPE,
     "XFree86 3.3.6 Distribution",
@@ -1254,6 +1219,8 @@ DMenu MenuConfigure = {
 	NULL,	dmenuSubmenu, NULL, &MenuMouse, NULL },
       { " Networking",	"Configure additional network services",
 	NULL,	dmenuSubmenu, NULL, &MenuNetworking },
+      { " Security",	"Select default system security profile",
+	NULL,	dmenuSubmenu, NULL, &MenuSecurityProfile },
       { " Startup",	"Configure system startup options",
 	NULL,	dmenuSubmenu, NULL, &MenuStartup },
       { " Options",	"View/Set various installation options",
@@ -1340,6 +1307,8 @@ DMenu MenuNetworking = {
 	dmenuVarCheck,	configAnonFTP, NULL, "anon_ftp" },
       { " Gateway",	"This machine will route packets between interfaces",
 	dmenuVarCheck,	dmenuToggleVariable, NULL, "gateway_enable=YES" },
+      { " inetd",	"This machine wants to run the inet daemon",
+	dmenuVarCheck,	dmenuToggleVariable, NULL, "inetd_enable=YES" },
       { " NFS client",	"This machine will be an NFS client",
 	dmenuVarCheck,	dmenuToggleVariable, NULL, "nfs_client_enable=YES" },
       { " NFS server",	"This machine will be an NFS server",
@@ -1348,6 +1317,8 @@ DMenu MenuNetworking = {
 	dmenuVarCheck,	dmenuSubmenu, NULL, &MenuNTP, '[', 'X', ']', "ntpdate_enable=YES" },
       { " PCNFSD",	"Run authentication server for clients with PC-NFS.",
 	dmenuVarCheck,	configPCNFSD, NULL, "pcnfsd" },
+      { " portmap",	"This machine wants to run the portmapper daemon",
+	dmenuVarCheck,	dmenuToggleVariable, NULL, "portmap_enable=YES" },
       { " Routed",	"Select routing daemon (default: routed)",
 	dmenuVarCheck,	configRouter, NULL, "router_enable=YES" },
       { " Rwhod",	"This machine wants to run the rwho daemon",
@@ -1369,7 +1340,7 @@ DMenu MenuNTP = {
     "close to you to have your system time synchronized accordingly.",
     "These are the primary open-access NTP servers",
     NULL,
-    { { "None",		        "No ntp server",
+    { { "None",		        "No NTP server",
 	dmenuVarsCheck,	dmenuSetVariables, NULL, 
 	"ntpdate_enable=NO,ntpdate_flags=none" },
       { "Other",		"Select a site not on this list",
@@ -1625,6 +1596,21 @@ DMenu MenuUsermgmt = {
       { NULL } },
 };
 
+DMenu MenuSecurityProfile = {
+    DMENU_NORMAL_TYPE | DMENU_SELECTION_RETURNS,
+    "Default system security profile",
+    "Each item in this list will set what it considers to\n"
+    "be \"appropriate\" values in that category for various\n"
+    "security-related knobs in /etc/rc.conf.",
+    "Select a canned security profile.",
+    NULL,
+    { { "X Exit",	"Exit this menu (returning to previous)", NULL, configSecurityModerate },
+      { "Low",		"Fairly wide-open (little) security.", NULL, configSecurityLiberal },
+      { "Medium",	"Moderate security settings [DEFAULT].", NULL, configSecurityModerate },
+      { "High",		"Very restrictive security settings.", NULL, configSecurityFascist },
+      { NULL } },
+};
+
 DMenu MenuFixit = {
     DMENU_NORMAL_TYPE,
     "Please choose a fixit option",
diff --git a/release/sysinstall/sysinstall.h b/release/sysinstall/sysinstall.h
index d44b8cb10938..5049470806c0 100644
--- a/release/sysinstall/sysinstall.h
+++ b/release/sysinstall/sysinstall.h
@@ -375,6 +375,7 @@ extern DMenu		MenuMediaFTP;		/* FTP media menu				*/
 extern DMenu		MenuMediaTape;		/* Tape media menu				*/
 extern DMenu		MenuNetworkDevice;	/* Network device menu				*/
 extern DMenu		MenuNTP;		/* NTP time server menu				*/
+extern DMenu		MenuSecurityProfile;	/* Security profile menu			*/
 extern DMenu		MenuStartup;		/* Startup services menu			*/
 extern DMenu		MenuSyscons;		/* System console configuration menu		*/
 extern DMenu		MenuSysconsFont;	/* System console font configuration menu	*/
@@ -387,7 +388,6 @@ extern DMenu		MenuInstallCustom;	/* Custom Installation menu			*/
 extern DMenu		MenuDistributions;	/* Distribution menu				*/
 extern DMenu		MenuDiskDevices;	/* Disk type devices				*/
 extern DMenu		MenuSubDistributions;	/* Custom distribution menu			*/
-extern DMenu		MenuCRYPTODistributions;/* Encryption distribution menu			*/
 extern DMenu		MenuSrcDistributions;	/* Source distribution menu			*/
 extern DMenu		MenuXF86;		/* XFree86 main menu				*/
 extern DMenu		MenuXF86Select;		/* XFree86 distribution selection menu		*/
@@ -443,6 +443,10 @@ extern int	configRouter(dialogMenuItem *self);
 extern int	configPCNFSD(dialogMenuItem *self);
 extern int	configNFSServer(dialogMenuItem *self);
 extern int	configWriteRC_conf(dialogMenuItem *self);
+extern int	configSecurityProfile(dialogMenuItem *self);
+extern int	configSecurityFascist(dialogMenuItem *self);
+extern int	configSecurityModerate(dialogMenuItem *self);
+extern int	configSecurityLiberal(dialogMenuItem *self);
 
 /* crc.c */
 extern int	crc(int, unsigned long *, unsigned long *);
@@ -496,7 +500,6 @@ extern int	distSetUser(dialogMenuItem *self);
 extern int	distSetXUser(dialogMenuItem *self);
 extern int	distSetMinimum(dialogMenuItem *self);
 extern int	distSetEverything(dialogMenuItem *self);
-extern int	distSetCRYPTO(dialogMenuItem *self);
 extern int	distSetSrc(dialogMenuItem *self);
 extern int	distSetXF86(dialogMenuItem *self);
 extern int	distExtractAll(dialogMenuItem *self);
author	Jordan K. Hubbard <jkh@FreeBSD.org>	2000-09-24 06:55:56 +0000
committer	Jordan K. Hubbard <jkh@FreeBSD.org>	2000-09-24 06:55:56 +0000
commit	abe19b75db11395600171d5808e791e49efb2a2d (patch)
tree	0292e3d8618235e3291683ab1668b3b413c3f2e6
parent	6215d5989e8ddafb0561db0e35f03f8ad6f89726 (diff)