About
bsdcontrol.rb provides Ruby bindings for libhbsdcontrol.
Examples
Features
The first example prints a list of HardenedBSD features that can be enabled, disabled or restored to the system default setting:
#!/usr/bin/env ruby
# Required privileges: user, superuser
require "bsdcontrol"
BSD::Control
  .available_features
  .each do
    print "The ", _1.name, " feature is available", "\n"
  end
Enable
The following example enables the mprotect feature for the emacs binary. When a feature is enabled for a given file, that setting takes precedence over the system default. The system default can be restored with BSD::Control::Feature#sysdef!:
#!/usr/bin/env ruby
# Required privileges: superuser
require "bsdcontrol"
BSD::Control
  .feature(:mprotect)
  .enable! File.realpath("/usr/local/bin/emacs")
Status
There are five recognized statuses: unknown, enabled, disabled, sysdef, and invalid. The sysdef status indicates that a feature is configured to use the system default, and it is the most common status:
#!/usr/bin/env ruby
# Required privileges: superuser
require "bsdcontrol"
BSD::Control
  .feature(:mprotect)
  .status("/bin/ls") # => :sysdef
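The status check above extended to several files, as an added example that is not part of bsdcontrol.rb's own code: it groups paths by the statuses listed in this section so that per-file overrides stand out from the system default. The `audit` helper, its grouping, and resolving each path with `File.realpath` before calling `status` are assumptions of this example.

```ruby
#!/usr/bin/env ruby
# Required privileges: superuser (as for the status example above)
# Added example: report which files override the system default for a feature.
begin
  require "bsdcontrol"
rescue LoadError
  # Gem not installed; audit() still accepts any object with #status(path).
end

# Grouping of the five statuses is an assumption of this example.
OVERRIDES = %i[enabled disabled].freeze

# feature: object responding to #status(path), e.g. BSD::Control.feature(:mprotect)
# paths:   files to inspect
# Returns a Hash with :sysdef, :override, :suspect and :missing lists.
def audit(feature, paths)
  report = { sysdef: [], override: [], suspect: [], missing: [] }
  paths.each do |path|
    begin
      real = File.realpath(path)
    rescue Errno::ENOENT
      report[:missing] << path
      next
    end
    status = feature.status(real)
    if status == :sysdef
      report[:sysdef] << real
    elsif OVERRIDES.include?(status)
      report[:override] << [real, status]
    else
      # :unknown, :invalid, or anything unexpected deserves a manual look
      report[:suspect] << [real, status]
    end
  end
  report
end

# Runs only when the gem loaded: audit the paths given on the command line.
if defined?(BSD::Control)
  report = audit(BSD::Control.feature(:mprotect), ARGV)
  (report[:override] + report[:suspect]).each do |path, status|
    puts "#{path}: mprotect is #{status}"
  end
  report[:missing].each { |path| warn "#{path}: not found" }
end
```

Files reported as `disabled` are the ones where a hardening feature has been switched off for that binary regardless of the system default.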
Documentation
A complete API reference is available at 0x1eef.github.io/x/bsdcontrol.rb
Install
bsdcontrol.rb can be installed via rubygems.org:
gem install bsdcontrol.rb