System Hardening Options Post-Install?

1MachineElf

New Member

Reaction score: 1
Messages: 2

The System Hardening Options presented at install time - if one wished to keep these disabled at install time and then selectively enable them after installing, what is the method for doing so?

I am doing a FreeBSD 12 install and was hoping to see instructions on how to do that in the 2.8.4. Enabling Hardening Security Options section of the handbook, but it's not described there.

Maybe the functions used by this portion of the installer would give a clue of how to perform these changes. Can someone please direct me on where in the FreeBSD 12 code base these can be found?
 

SirDice

Administrator
Staff member
Moderator

Reaction score: 9,135
Messages: 33,711

if one wished to keep these disabled at install time and then selectively enable them after installing, what is the method for doing so?
Edit /etc/sysctl.conf, that's where most (if not all) of them end up.
 

eldaemon

Member

Reaction score: 9
Messages: 87

I think this is most of them, if you select them all.

Code:
security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
security.bsd.see_jail_proc=0
security.bsd.unprivileged_read_msgbuf=0
security.bsd.unprivileged_proc_debug=0
kern.randompid=1
And then in rc.conf:

Code:
clear_tmp_enable="YES"
syslogd_flags="-ss"
sendmail_enable="NONE"
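
As an added example (not code from any poster in this thread or from the FreeBSD installer), this sh script audits a sysctl.conf and an rc.conf against the values listed in the post above. The function names are hypothetical and the two file paths are passed as arguments.

```shell
#!/bin/sh
# Added example: expected values are copied from the post above.
SYSCTL_WANT='security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
security.bsd.see_jail_proc=0
security.bsd.unprivileged_read_msgbuf=0
security.bsd.unprivileged_proc_debug=0
kern.randompid=1'
RC_WANT='clear_tmp_enable=YES
syslogd_flags=-ss
sendmail_enable=NONE'

# Print the last value assigned to key $2 in file $1 (a later line overrides
# an earlier one), ignoring comments, surrounding whitespace and quotes.
# Exit status 1 means the key is not set at all.
last_value() {
    sed -e 's/#.*//' "$1" 2>/dev/null | awk -F= -v k="$2" '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { v = substr($0, index($0, "=") + 1); found = 1 }
        END { if (!found) exit 1
              gsub(/^[ \t"]+|[ \t"]+$/, "", v); print v }'
}

# Compare file $1 against the newline-separated key=value list in $2.
# Prints one line per setting; returns how many settings are not in place.
check_file() {
    file=$1 bad=0
    for want in $2; do
        key=${want%%=*} exp=${want#*=}
        if got=$(last_value "$file" "$key"); then
            if [ "$got" = "$exp" ]; then
                echo "OK       $file $key=$got"
            else
                echo "MISMATCH $file $key=$got (want $exp)"; bad=$((bad + 1))
            fi
        else
            echo "MISSING  $file $key (want $exp)"; bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Audit both files; the return value is the total number of findings.
audit_hardening() {
    total=0
    check_file "$1" "$SYSCTL_WANT" || total=$((total + $?))
    check_file "$2" "$RC_WANT" || total=$((total + $?))
    return "$total"
}

# Usage: sh audit.sh /etc/sysctl.conf /etc/rc.conf
[ "$#" -eq 2 ] && audit_hardening "$1" "$2"
```

The script only reads the files; on a live system `sysctl -n <name>` shows the running value, which can differ from the file until it is applied.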
 