Improving System Security
Gardner Bell
gbell72 at rogers.com
Thu Jan 27 13:23:47 PST 2005
I normally run in securelevel 1, and according to the securelevel manual page,
not even root can change system immutable file flags. What I would
like to do is set the schg and sappnd flags on as many system binaries
as possible to improve security somewhat should my firewall get
hacked.
Question is, will I still be able to rebuild world in securelevel 1
without running into all sorts of errors due to schg being set? Is
there an easier and more efficient way of improving the security of a
firewall, or is this about my best bet? I've read the sections on MAC
in the FreeBSD handbook but I'm afraid I'd end up locking myself out
if I were to go this route as I don't understand enough about MAC as
of yet.
Thanks
Gardner