From owner-freebsd-questions Tue Jun 5 16:32: 3 2001 Delivered-To: freebsd-questions@freebsd.org Received: from guru.mired.org (okc-65-26-235-186.mmcable.com [65.26.235.186]) by hub.freebsd.org (Postfix) with SMTP id C7B3137B406 for ; Tue, 5 Jun 2001 16:32:00 -0700 (PDT) (envelope-from mwm@mired.org) Received: (qmail 89158 invoked by uid 100); 5 Jun 2001 23:32:00 -0000 From: Mike Meyer MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15133.27632.140669.309442@guru.mired.org> Date: Tue, 5 Jun 2001 18:32:00 -0500 To: "Brent Bailey" Cc: questions@freebsd.org Subject: Re: kernel -security In-Reply-To: <50686888@toto.iv> X-Mailer: VM 6.90 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Brent Bailey types: > I recently install 4.3 FBSD an i noticed you have the option of picking > "type of security" i chose "extreme" and all it really does is add > kern_securelevel="2" > kern_securelevel_enable="YES" It does a little bit more than that. See for details. > to the /etc/rc.conf file.....my question is what advantages as far as > security does this offer ?? I also installed IPFW w/ NAT and a few other > measures to keep unwanted THINGS at bay... NAT can do pretty much everything natd does as far as security goes, using deny_incoming and log_denied. See the natd man page for details. > im unclear as to what the kern security offers >?? As Bill pointed out, the init man page describes exactly what the kernel security levels do. http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message