2024-03-01 02:29:43 +01:00
|
|
|
## About
|
2024-03-01 02:28:22 +01:00
|
|
|
|
2024-03-20 21:28:59 +01:00
|
|
|
bsdcontrol.rb provides Ruby bindings for libhbsdcontrol from the
|
2024-05-12 05:23:45 +02:00
|
|
|
[HardenedBSD](https://HardenedBSD.org) project.
|
2024-03-01 02:28:22 +01:00
|
|
|
|
2024-03-01 02:29:43 +01:00
|
|
|
## Examples
|
2024-03-01 02:28:22 +01:00
|
|
|
|
2024-03-08 05:36:06 +01:00
|
|
|
__Features__
|
2024-03-01 02:28:22 +01:00
|
|
|
|
2024-05-12 05:23:45 +02:00
|
|
|
The first example prints a list of HardenedBSD features that
|
2024-05-12 06:06:51 +02:00
|
|
|
can be enabled, disabled or restored to the system default
|
|
|
|
setting:
|
2024-03-01 02:28:22 +01:00
|
|
|
|
2024-03-01 02:29:43 +01:00
|
|
|
``` ruby
|
|
|
|
#!/usr/bin/env ruby
|
2024-05-01 18:10:56 +02:00
|
|
|
# Required privileges: user, superuser
|
2024-04-09 21:34:12 +02:00
|
|
|
require "bsdcontrol"
|
2024-03-01 02:29:43 +01:00
|
|
|
BSD::Control
|
|
|
|
.available_features
|
|
|
|
.each do
|
|
|
|
print "The ", _1.name, " feature is available", "\n"
|
|
|
|
end
|
2024-03-01 02:28:22 +01:00
|
|
|
```
|
|
|
|
|
2024-03-08 05:36:06 +01:00
|
|
|
__Enable__
|
2024-03-01 02:28:22 +01:00
|
|
|
|
2024-03-30 07:36:36 +01:00
|
|
|
The following example enables the mprotect feature for the emacs binary. When
|
2024-03-20 21:51:02 +01:00
|
|
|
a feature is enabled for a given file, that setting takes precendence
|
2024-03-30 07:36:36 +01:00
|
|
|
over the system default. The system default can be restored with
|
|
|
|
[BSD::Control::Feature#sysdef!](http://0x1eef.github.io/x/bsdcontrol.rb/BSD/Control/Feature.html#sysdef!-instance_method):
|
2024-03-01 02:28:22 +01:00
|
|
|
|
2024-03-01 02:29:43 +01:00
|
|
|
``` ruby
|
|
|
|
#!/usr/bin/env ruby
|
2024-05-01 18:10:56 +02:00
|
|
|
# Required privileges: superuser
|
2024-04-09 21:34:12 +02:00
|
|
|
require "bsdcontrol"
|
2024-03-01 02:29:43 +01:00
|
|
|
BSD::Control
|
2024-03-08 05:23:16 +01:00
|
|
|
.feature(:mprotect)
|
2024-03-08 02:35:34 +01:00
|
|
|
.enable!("/usr/local/bin/emacs-29.2")
|
2024-03-01 02:29:43 +01:00
|
|
|
```
|
2024-03-01 02:28:22 +01:00
|
|
|
|
2024-03-08 05:36:06 +01:00
|
|
|
__Status__
|
|
|
|
|
2024-03-20 21:51:02 +01:00
|
|
|
There are five recognized statuses: `unknown`, `enabled`, `disabled`,
|
2024-03-30 07:36:36 +01:00
|
|
|
`sysdef`, and `invalid`. The `sysdef` status indicates that a feature
|
|
|
|
is configured to use the system default, and it is the most common
|
|
|
|
status:
|
2024-03-08 05:36:06 +01:00
|
|
|
|
|
|
|
``` ruby
|
|
|
|
#!/usr/bin/env ruby
|
2024-05-01 18:10:56 +02:00
|
|
|
# Required privileges: superuser
|
2024-04-09 21:34:12 +02:00
|
|
|
require "bsdcontrol"
|
2024-03-08 05:36:06 +01:00
|
|
|
BSD::Control
|
|
|
|
.feature(:mprotect)
|
|
|
|
.status("/bin/ls") # => :sysdef
|
|
|
|
```
|
|
|
|
|
2024-03-08 02:35:34 +01:00
|
|
|
## Documentation
|
|
|
|
|
|
|
|
A complete API reference is available at
|
2024-03-20 21:28:59 +01:00
|
|
|
[0x1eef.github.io/x/bsdcontrol.rb](https://0x1eef.github.io/x/bsdcontrol.rb).
|
2024-03-08 02:35:34 +01:00
|
|
|
|
2024-03-10 14:57:39 +01:00
|
|
|
## Install
|
2024-03-01 02:35:05 +01:00
|
|
|
|
|
|
|
**Rubygems.org**
|
|
|
|
|
2024-05-12 05:23:45 +02:00
|
|
|
bsdcontrol.rb can be installed via rubygems.org:
|
2024-03-01 02:35:05 +01:00
|
|
|
|
2024-03-20 21:28:59 +01:00
|
|
|
gem install bsdcontrol.rb
|
2024-03-01 02:35:05 +01:00
|
|
|
|
2024-03-10 15:22:01 +01:00
|
|
|
## Sources
|
|
|
|
|
2024-03-20 21:28:59 +01:00
|
|
|
* [GitHub](https://github.com/0x1eef/bsdcontrol.rb)
|
|
|
|
* [GitLab](https://gitlab.com/0x1eef/bsdcontrol.rb)
|
2024-05-12 05:23:45 +02:00
|
|
|
* [git.HardenedBSD.org](https://git.HardenedBSD.org/0x1eef/bsdcontrol.rb)
|
2024-03-10 15:22:01 +01:00
|
|
|
|
2024-03-01 02:28:22 +01:00
|
|
|
## License
|
|
|
|
|
2024-03-01 02:29:43 +01:00
|
|
|
[BSD Zero Clause](https://choosealicense.com/licenses/0bsd/).
|
|
|
|
<br>
|
|
|
|
See [LICENSE](./LICENSE).
|
|
|
|
|