HardenedBSD/etc/rc.d/initrandom

83 lines
1.7 KiB
Plaintext
Raw Normal View History

#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: initrandom
# REQUIRE: dumpon ddb
# BEFORE: disks
# KEYWORD: nojail
. /etc/rc.subr
name="initrandom"
start_cmd="initrandom_start"
stop_cmd=":"
feed_dev_random()
{
if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then
cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null
fi
}
initrandom_start()
{
soft_random_generator=`sysctl kern.random 2>/dev/null`
echo -n 'Entropy harvesting:'
if [ \! -z "${soft_random_generator}" ] ; then
if [ -w /dev/random ]; then
if checkyesno harvest_interrupt; then
${SYSCTL} kern.random.sys.harvest.interrupt=1 >/dev/null
echo -n ' interrupts'
else
${SYSCTL} kern.random.sys.harvest.interrupt=0 >/dev/null
fi
if checkyesno harvest_ethernet; then
${SYSCTL} kern.random.sys.harvest.ethernet=1 >/dev/null
echo -n ' ethernet'
else
${SYSCTL} kern.random.sys.harvest.ethernet=0 >/dev/null
fi
if checkyesno harvest_p_to_p; then
${SYSCTL} kern.random.sys.harvest.point_to_point=1 >/dev/null
echo -n ' point_to_point'
else
${SYSCTL} kern.random.sys.harvest.point_to_point=0 >/dev/null
fi
fi
# XXX temporary until we can improve the entropy
# harvesting rate.
# Entropy below is not great, but better than nothing.
# This unblocks the generator at startup
( ps -fauxww; sysctl -a; date; df -ib; dmesg; ps -fauxww ) \
| dd of=/dev/random bs=8k 2>/dev/null
cat /bin/ls | dd of=/dev/random bs=8k 2>/dev/null
# First pass at reseeding /dev/random.
#
case ${entropy_file} in
[Nn][Oo] | '')
;;
*)
if [ -w /dev/random ]; then
feed_dev_random "${entropy_file}"
fi
;;
esac
echo -n ' kickstart'
fi
echo '.'
}
load_rc_config random
run_rc_command "$1"