From owner-freebsd-questions  Wed Jun  6  6:25:16 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from pickup2-ld.pvd.loa.net (pickup.loa.com [199.171.167.59])
	by hub.freebsd.org (Postfix) with SMTP id 5466637B403
	for <questions@freebsd.org>; Wed,  6 Jun 2001 06:25:05 -0700 (PDT)
	(envelope-from brentb@loa.com)
Received: (qmail 9932 invoked by uid 0); 6 Jun 2001 13:25:00 -0000
Received: from unknown (HELO pretorian) ([208.130.43.221]) (envelope-sender <?>)
          by pickup2-ld.pvd.loa.net (qmail-ldap-1.03) with SMTP
          for <>; 6 Jun 2001 13:25:00 -0000
Message-ID: <004101c0ee8c$06c0baa0$3ab4a8c0@pretorian>
From: "Brent Bailey" <brentb@loa.com>
To: "Mike Meyer" <mwm@mired.org>
Cc: <questions@freebsd.org>
References: <15133.27632.140669.309442@guru.mired.org>
Subject: Re: kernel -security
Date: Wed, 6 Jun 2001 09:24:33 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

thanx   :-)

B
----- Original Message -----
From: Mike Meyer <mwm@mired.org>
To: Brent Bailey <brentb@loa.com>
Cc: <questions@freebsd.org>
Sent: Tuesday, June 05, 2001 7:32 PM
Subject: Re: kernel -security


Brent Bailey <brentb@loa.com> types:
> I recently install 4.3 FBSD an i noticed you have the option of picking
> "type of security"   i chose "extreme"  and all it really does is add
> kern_securelevel="2"
> kern_securelevel_enable="YES"

It does a little bit more than that. See <URL:
http://www.freebsd.org/doc/en_US.ISO_8859-1/books/faq/install.html#SECURITY-
PROFILES
> for details.

> to the /etc/rc.conf  file.....my question is what advantages as far as
> security does this offer ??   I also installed IPFW w/ NAT  and a few
other
> measures to keep unwanted THINGS at bay...

NAT can do pretty much everything natd does as far as security goes,
using deny_incoming and log_denied. See the natd man page for details.

> im unclear as to what the kern security offers >??

As Bill pointed out, the init man page describes exactly what the
kernel security levels do.

<mike
--
Mike Meyer <mwm@mired.org> http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more
information.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message