Kernel-loadable Root Kits
Tom Rhodes
trhodes at FreeBSD.org
Wed Sep 29 18:02:53 PDT 2004
On Wed, 29 Sep 2004 19:50:29 -0400
David Schultz <das at freebsd.org> wrote:
> On Wed, Sep 29, 2004, David Pick wrote:
> > 6) securelevel *is* a great thing but sysadmins are tied to the
> > hierarchy of levels chosen by the project, and one size does *not*
> > fit all. As a more general mechanism I would suggest that there
> > is a kernel-build option for *each* facility that can be locked
> > by securelevel, which geves the level at which that facility
> > becomes locked.
>
> Great idea. See mac(4).
And don't forget to read the <shameless plug>MAC</shameless plug>
chapter in the FreeBSD Handbook. :)
--
Tom Rhodes
More information about the freebsd-security
mailing list