Date: Wed, 6 Jun 2001 09:24:33 -0400 From: "Brent Bailey" <brentb@loa.com> To: "Mike Meyer" <mwm@mired.org> Cc: <questions@freebsd.org> Subject: Re: kernel -security Message-ID: <004101c0ee8c$06c0baa0$3ab4a8c0@pretorian> References: <15133.27632.140669.309442@guru.mired.org>
next in thread | previous in thread | raw e-mail | index | archive | help
thanx :-) B ----- Original Message ----- From: Mike Meyer <mwm@mired.org> To: Brent Bailey <brentb@loa.com> Cc: <questions@freebsd.org> Sent: Tuesday, June 05, 2001 7:32 PM Subject: Re: kernel -security Brent Bailey <brentb@loa.com> types: > I recently install 4.3 FBSD an i noticed you have the option of picking > "type of security" i chose "extreme" and all it really does is add > kern_securelevel="2" > kern_securelevel_enable="YES" It does a little bit more than that. See <URL: http://www.freebsd.org/doc/en_US.ISO_8859-1/books/faq/install.html#SECURITY- PROFILES > for details. > to the /etc/rc.conf file.....my question is what advantages as far as > security does this offer ?? I also installed IPFW w/ NAT and a few other > measures to keep unwanted THINGS at bay... NAT can do pretty much everything natd does as far as security goes, using deny_incoming and log_denied. See the natd man page for details. > im unclear as to what the kern security offers >?? As Bill pointed out, the init man page describes exactly what the kernel security levels do. <mike -- Mike Meyer <mwm@mired.org> http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?004101c0ee8c$06c0baa0$3ab4a8c0>