On Mon, Aug 08, 2016 at 10:15:07AM -0700, Devin Teske wrote:> > > On Aug 8, 2016, at 8:02 AM, Lars Engels <lars.engels at 0x20.net> wrote: > > > > On Mon, Aug 08, 2016 at 02:44:05PM +0000, Glen Barber wrote: > >> On Mon, Aug 08, 2016 at 10:48:30AM +0200, Lars Engels wrote: > >>> On Sat, Aug 06, 2016 at 09:05:26PM +0000, Glen Barber wrote: > >>>> -----BEGIN PGP SIGNED MESSAGE----- > >>> > >>>> o The new system hardening options have been fixed to avoid overwriting > >>>> other options selected during install time. > >>> > >>> Can those options also get added to "bsdconfig"? > >> > >> You would have to ask the bsdconfig maintainer(s). > >> > > > > Cc'ing dteske. > > > > What aspects of bsdconfig need updating?bsdinstall has a new "hardening" module. AFAIK bsdinstall and bsdconfig share a lot of code, so bsdconfig should probably also offer the "hardening" module. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 603 bytes Desc: not available URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20160808/299a39f0/attachment.sig>
On 08/08/16 10:43, Lars Engels wrote:> On Mon, Aug 08, 2016 at 10:15:07AM -0700, Devin Teske wrote: >>> On Aug 8, 2016, at 8:02 AM, Lars Engels <lars.engels at 0x20.net> wrote: >>> >>> On Mon, Aug 08, 2016 at 02:44:05PM +0000, Glen Barber wrote: >>>> On Mon, Aug 08, 2016 at 10:48:30AM +0200, Lars Engels wrote: >>>>> On Sat, Aug 06, 2016 at 09:05:26PM +0000, Glen Barber wrote: >>>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>>> o The new system hardening options have been fixed to avoid overwriting >>>>>> other options selected during install time. >>>>> Can those options also get added to "bsdconfig"? >>>> You would have to ask the bsdconfig maintainer(s). >>>> >>> Cc'ing dteske. >>> >> What aspects of bsdconfig need updating? > bsdinstall has a new "hardening" module. AFAIK bsdinstall and bsdconfig > share a lot of code, so bsdconfig should probably also offer the > "hardening" module.The hardening module should probably just be a part of bsdconfig, actually, and an option to open bsdconfig be an option at the end of the installer. -Nathan