Date: Wed, 11 Feb 2004 10:29:46 +0100 (CET) From: roberto@redix.it To: freebsd-security@freebsd.org Subject: Question about securelevel Message-ID: <1093.192.168.0.77.1076491786.squirrel@mail.redix.it>
next in thread | raw e-mail | index | archive | help
I've read about securelevel in the mailing list archive, and found some pitfalls (and seems to me to be discarded soon). But According to me, the following configuration should offer a good security: - mount root fs read only at boot; - set securelevel to 3; - do not permit to unmount/remount roots fs read-write (now it is possible by means of "mount -uw /"); - the only way to make change at the file system is to reboot in single user, before the securelevel is set to 3, and make the changes needed (this means the administrator should use only the console); Any comments about? Bye, Roberto
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1093.192.168.0.77.1076491786.squirrel>