Question about securelevel
roberto at redix.it
roberto at redix.it
Wed Feb 11 01:29:50 PST 2004
I've read about securelevel in the mailing list archive, and found some
pitfalls (and seems to me to be discarded soon).
But According to me, the following configuration should offer a good
security:
- mount root fs read only at boot;
- set securelevel to 3;
- do not permit to unmount/remount roots fs read-write (now it is possible
by means of "mount -uw /");
- the only way to make change at the file system is to reboot in single
user, before the securelevel is set to 3, and make the changes needed
(this means the administrator should use only the console);
Any comments about?
Bye,
Roberto
More information about the freebsd-security
mailing list