From: roberto@redix.it
To: freebsd-security@freebsd.org
Date: Wed, 11 Feb 2004 14:12:46 +0100 (CET)
Subject: Re: Question about securelevel
Message-ID: <1171.192.168.0.77.1076505166.squirrel@mail.redix.it>

I want to discuss securelevel and whether it's a good or bad thing. Now, I do not need help to get it working (but never say never ...). I'll try to explain my idea.

Suppose I'm trying to set up a packet-filtering firewall based on FreeBSD, and I want to harden it (I heard about TrustedBSD, but here I want to speak about securelevel). I made the assumption that the console (of my BSD) is in a safe place, so I can exclude any hack from it. It should be the only place where the administrator can access the O.S. with securelevel disabled (i.e. =0, by means of single user mode).

In normal condition, the O.S. is running on securelevel=3 so that:
- kernel modules cannot be loaded or unloaded;
- packet filtering rules cannot be altered;
- /dev/mem and kmem cannot be written;
- immutable and sys flags cannot be turned off.

In addition (this is my idea), suppose I configure the root filesystem read-only and there is no way to change this (remount it rw) when securelevel is == 3.

Could this configuration be considered secure, according to you? Are there any weaknesses of securelevel still present? Any comments are welcome...

Regards,
Roberto
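A small posture check for the configuration described in the message above, added here as an example and not part of the original post: it verifies the two things the poster relies on, kern.securelevel being 3 and the root filesystem being mounted read-only. The check_posture function takes the values as arguments so it can be exercised offline with the constructed samples; audit_live (an assumed name) feeds it the real sysctl(8) and mount(8) output on a FreeBSD host.

```shell
#!/bin/sh
# check_posture LEVEL ROOTLINE
#   LEVEL    - value printed by: sysctl -n kern.securelevel
#   ROOTLINE - the "/" line printed by mount(8), e.g.
#              "/dev/ada0p2 on / (ufs, local, read-only)"
# Returns 0 when both conditions from the post hold, 1 otherwise,
# printing one line per failed condition.
check_posture() {
    level="$1"
    rootline="$2"
    ok=0
    # The post runs the firewall at securelevel 3; anything lower
    # still permits some of the operations listed in the message.
    case "$level" in
        3) ;;
        *) echo "kern.securelevel=$level, expected 3"; ok=1 ;;
    esac
    # Root must be mounted read-only; FreeBSD's mount(8) prints the
    # option list in parentheses, with "read-only" for an ro mount.
    case "$rootline" in
        *"read-only"*) ;;
        *) echo "root filesystem is not read-only: $rootline"; ok=1 ;;
    esac
    return $ok
}

# Runs the real commands on a FreeBSD host (hypothetical helper name).
audit_live() {
    check_posture "$(sysctl -n kern.securelevel)" "$(mount | grep ' on / ')"
}

# Constructed sample inputs so the check can be tried offline.
SAMPLE_GOOD_LEVEL=3
SAMPLE_GOOD_ROOT="/dev/ada0p2 on / (ufs, local, read-only)"
SAMPLE_BAD_LEVEL=1
SAMPLE_BAD_ROOT="/dev/ada0p2 on / (ufs, local, soft-updates)"
```

On a real host the matching rc.conf settings are kern_securelevel_enable="YES", kern_securelevel="3" and root_rw_mount="NO", with "ro" on the root entry in fstab; the script only reports, it does not change anything.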