11.1Slukem#!/bin/sh 21.1Slukem# 31.9Skre# $NetBSD: securelevel,v 1.9 2023/12/25 07:39:59 kre Exp $ 41.1Slukem# 51.1Slukem 61.1Slukem# PROVIDE: securelevel 71.7Sad# REQUIRE: ipnat mountd 81.4Sthorpej# BEFORE: DAEMON 91.1Slukem 101.5Smycroft$_rc_subr_loaded . /etc/rc.subr 111.1Slukem 121.1Slukemname="securelevel" 131.1Slukemstart_cmd="securelevel_start" 141.1Slukemstop_cmd=":" 151.1Slukem 161.1Slukemsecurelevel_start() 171.1Slukem{ 181.3Smrg # if $securelevel is set higher, change it here, else if 191.3Smrg # it is 0, change it to 1 here, before we start daemons 201.3Smrg # or login services. 211.1Slukem # 221.8Selad osecurelevel=$(sysctl -n kern.securelevel 2>&-) 231.8Selad if [ $? != 0 ]; then 241.8Selad echo "Can't set securelevel. (kern.securelevel sysctl not present.)" 251.8Selad exit 1 261.8Selad fi 271.8Selad 281.9Skre if [ -n "$securelevel" ] && [ "$securelevel" != "$osecurelevel" ]; then 291.3Smrg if [ "$securelevel" -lt "$osecurelevel" ]; then 301.3Smrg echo "Can't lower securelevel." 311.3Smrg exit 1 321.3Smrg else 331.3Smrg echo -n "Setting securelevel: " 341.3Smrg sysctl -w kern.securelevel=$securelevel 351.3Smrg fi 361.1Slukem else 371.3Smrg if [ "$osecurelevel" = 0 ]; then 381.1Slukem echo -n "Setting securelevel: " 391.1Slukem sysctl -w kern.securelevel=1 401.1Slukem fi 411.1Slukem fi 421.1Slukem} 431.1Slukem 441.1Slukemload_rc_config $name 451.1Slukemrun_rc_command "$1" 46