0x1eef/bsdcontrol.rb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Ruby bindings for libhbsdcontrol(3)
80 commits 1 branch 0 tags 140 KiB
Ruby 62.2%
C 31.5%
Shell 6.3%
Find a file
0x1eef fd7e5e26f4 Add .editorconfig
2024-05-12 19:11:57 -03:00
.bundle First commit 2024-02-29 22:29:43 -03:00
bin Add ReadmeExamplesTest 2024-05-12 00:53:32 -03:00
ext/bsdcontrol.rb Bump indent width to 4 2024-05-12 19:11:11 -03:00
lib Add standard 2024-05-12 00:59:38 -03:00
share/bsdcontrol.rb/examples Add standard 2024-05-12 00:59:38 -03:00
test Update readme_examples_test.rb 2024-05-12 01:32:20 -03:00
.clang-format Bump indent width to 4 2024-05-12 19:11:11 -03:00
.editorconfig Add .editorconfig 2024-05-12 19:11:57 -03:00
.gitignore First commit 2024-02-29 22:29:43 -03:00
.projectile First commit 2024-02-29 22:29:43 -03:00
.rubocop.yml Add standard 2024-05-12 00:59:38 -03:00
bsdcontrol.rb.gemspec Add standard 2024-05-12 00:59:38 -03:00
Gemfile Add standard 2024-05-12 00:59:38 -03:00
Gemfile.lock Add standard 2024-05-12 00:59:38 -03:00
LICENSE Add LICENSE 2024-02-29 22:35:05 -03:00
Rakefile.rb Update Rakefile.rb 2024-05-12 01:09:26 -03:00
README.md Fix README 2024-05-12 01:06:51 -03:00

README.md

About

bsdcontrol.rb provides Ruby bindings for libhbsdcontrol from the HardenedBSD project.

Examples

Features

The first example prints a list of HardenedBSD features that can be enabled, disabled or restored to the system default setting:

#!/usr/bin/env ruby
# Required privileges: user, superuser
require "bsdcontrol"
BSD::Control
  .available_features
  .each do
  print "The ", _1.name, " feature is available", "\n"
end

Enable

The following example enables the mprotect feature for the emacs binary. When a feature is enabled for a given file, that setting takes precendence over the system default. The system default can be restored with BSD::Control::Feature#sysdef!:

#!/usr/bin/env ruby
# Required privileges: superuser
require "bsdcontrol"
BSD::Control
  .feature(:mprotect)
  .enable!("/usr/local/bin/emacs-29.2")

Status

There are five recognized statuses: unknown, enabled, disabled, sysdef, and invalid. The sysdef status indicates that a feature is configured to use the system default, and it is the most common status:

#!/usr/bin/env ruby
# Required privileges: superuser
require "bsdcontrol"
BSD::Control
  .feature(:mprotect)
  .status("/bin/ls") # => :sysdef

Documentation

A complete API reference is available at 0x1eef.github.io/x/bsdcontrol.rb.

Install

Rubygems.org

bsdcontrol.rb can be installed via rubygems.org:

gem install bsdcontrol.rb

Sources

License

BSD Zero Clause.
See LICENSE.