Question about securelevel
roberto at redix.it
roberto at redix.it
Wed Feb 11 07:13:17 PST 2004
>
> Change the "console" line in /etc/ttys from "secure" to "insecure", that
> will make your administrator enter the root password when booting to
> single user.
>
> When using securelevel, you might also want to use a script to set the
> immutable flag on various parts of the file system.
>
> There's also much more to securing a box than just using securelevel.
>
1- OK I've already set console to insecure, I do not like the single user
mode offer a shell without password.
2- But instead of set the immutable flags over several files, seems to me
more simple (and not error prone) to set the root file system read-only
(simple to do) and to find a way it could not be remounted rw while
securelevel == 3!
3- OK agree with you: there's also much more to securing a box than just
using securelevel, but using a securelevel+readonly file system, is a step
foreward in security?
Regards
Roberto
More information about the freebsd-security
mailing list