About

bsdcontrol.rb provides Ruby bindings for libhbsdcontrol.

Examples

Features

The first example prints a list of HardenedBSD features that can be enabled, disabled or restored to the system default setting:

#!/usr/bin/env ruby
# Required privileges: user, superuser
require "bsdcontrol"
BSD::Control
  .available_features
  .each do
  print "The ", _1.name, " feature is available", "\n"
end

Enable

The following example enables the mprotect feature for the emacs binary. When a feature is enabled for a given file, that setting takes precendence over the system default. The system default can be restored with BSD::Control::Feature#sysdef!:

#!/usr/bin/env ruby
# Required privileges: superuser
require "bsdcontrol"
BSD::Control
  .feature(:mprotect)
  .enable! File.realpath("/usr/local/bin/emacs")

Status

There are five recognized statuses: unknown, enabled, disabled, sysdef, and invalid. The sysdef status indicates that a feature is configured to use the system default, and it is the most common status:

#!/usr/bin/env ruby
# Required privileges: superuser
require "bsdcontrol"
BSD::Control
  .feature(:mprotect)
  .status("/bin/ls") # => :sysdef

Documentation

A complete API reference is available at 0x1eef.github.io/x/bsdcontrol.rb

Install

bsdcontrol.rb can be installed via rubygems.org:

gem install bsdcontrol.rb

Sources

License

BSD Zero Clause
See LICENSE