Date: Thu, 27 Jan 2005 16:21:10 -0500 From: Gardner Bell <gbell72@rogers.com> To: freebsd-questions@freebsd.org Subject: Improving System Security Message-ID: <20050127212110.GA15371@gardnerbell.ca>
next in thread | raw e-mail | index | archive | help
I normally run in securelevel 1 and according to the securelevel manual page not even root can change system immutable file flags. What I would like to do is set the schg and sappnd flags on as many system binaries as possible to improve security somewhat should my firewall get hacked. Question is, will I still be able to rebuild world in securelevel 1 without running into all sorts of errors due to schg being set? Is there an easier and more efficient way of improving the security of a firewall or is this about my best bet. I've read the sections on MAC in the FreeBSD handbook but I'm afraid I'd end up locking myself out if I were to go this route as I don't understand enough about MAC as of yet. Thanks Gardner
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050127212110.GA15371>