Securing system with kern.securelevel
Lowell Gilbert
freebsd-questions-local at be-well.ilk.org
Thu Oct 2 17:44:24 UTC 2008
"DSA - JCR" <juancr at dsa.es> writes:
> I would like to use securelevel to secure a scheduled backup box made
> with FreeBSD.
>
> This box mounts and unmounts an external USB disk where the backup is made once
> a week.
In that case, you can't set the securelevel higher than 1.
> Which would be the correct secure level ? 1, 2, or 3?
0 or 1.
> I don't want anybody to modify scripts and root things, like adding a user to
> make the thing by itself, ... or modify my crontab scripts, etc...
Is this a machine that typically has users logging into it? If not, I
would concentrate on securing the login procedures available rather
than working on limiting the abilities of accounts once they have
access to the machine. Securelevel is useful in a fairly narrow range
of situations: some of the less obvious are that you have to be sure
that you will notice quickly if the machine reboots, and the machine
has to be physically secure.
> Also, where must I put the kern.securelevel?
Set it in rc.conf.
> I didn't understand very well from the manual and handbook in which part of
> the boot process (rc) I must put the line in rc.conf?
See the manual for rc.conf(5).
You will want the kern_securelevel_enable and kern_securelevel
variables.
--
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/
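
The two rc.conf(5) variables named in the reply can be checked before a reboot with a small script. This is an added example, not part of the original message: the function names `rc_value` and `effective_securelevel` are hypothetical, the sample file is constructed, and the script assumes the stock defaults of `kern_securelevel_enable="NO"` and `kern_securelevel="-1"`.

```shell
#!/bin/sh
# Added example: report which securelevel an rc.conf-style file requests.
# The file is parsed, not sourced, so nothing inside it is executed.

# Print the last value assigned to variable $2 in file $1, quotes stripped.
# rc.conf is read top to bottom, so a later assignment overrides an earlier one.
rc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Print the level the file asks for, "disabled" if the enable knob is off,
# or "invalid" (exit status 1) if the level is outside the range -1..3.
effective_securelevel() {
    enable=$(rc_value "$1" kern_securelevel_enable)
    level=$(rc_value "$1" kern_securelevel)
    case "$enable" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) ;;
        *) printf '%s\n' "disabled"; return 0 ;;
    esac
    case "$level" in
        -1|0|1|2|3) printf '%s\n' "$level" ;;
        "") printf '%s\n' "-1" ;;   # assumed default when only the enable knob is set
        *) printf '%s\n' "invalid"; return 1 ;;
    esac
}

# Constructed sample rc.conf for the weekly USB backup box in this thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
hostname="backupbox"
#kern_securelevel="3"
kern_securelevel_enable="YES"   # turn the securelevel rc script on
kern_securelevel="1"
EOF

printf 'requested securelevel: %s\n' "$(effective_securelevel "$sample")"
rm -f "$sample"
```

On the FreeBSD machine itself, point the function at `/etc/rc.conf` and compare the result with `sysctl -n kern.securelevel` after the next boot.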