Date: Sun, 22 Apr 2001 10:16:16 -0500 From: Mike Meyer <mwm@mired.org> To: "J. Seth Henry" <jshenry@net-noise.com> Cc: questions@freebsd.org Subject: Re: FBSD 4.2 security settings Message-ID: <15074.62912.928381.243674@guru.mired.org> In-Reply-To: <67112722@toto.iv>
next in thread | previous in thread | raw e-mail | index | archive | help
J. Seth Henry <jshenry@net-noise.com> types: > Hello all, > I recently upgraded to 4.2-RELEASE, and I accepted the default "medium" > security. All was well until I tried loading a kernel module, and running X. > I discovered that medium security implies a kernel security level of 1, > instead of 0. Does anyone know where this is stored? I changed the value in > rc.conf from 1 to 0, and now I get two messages (almost sequentially) > Changing kern.securelevel from -1 -> 0 > Changing kern.securelevel from 0 -> 1 FWIW, the installtion security profiles are described at <URL: http://www.freebsd.org/doc/en_US.ISO_8859-1/books/faq/install.html#AEN1151 >. > If I turn the setting off, it stays at -1. I thought about just leaving it > disabled and writing a script that runs from rc.d that sets it explicitly, > but I would like to know how to fix it the "right" way. According to the rc.conf man page, you should set kern_securelevel_enable to enable it, and kern_securelevel to the value it should be set to. If that's what you did, possibly something else set the secure level elsewhere. You might try grepping for securelevel in /etc/rc* to see if you can find it. <mike -- Mike Meyer <mwm@mired.org> http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15074.62912.928381.243674>