Date: Sun, 21 Jun 2009 21:10:25 +0100 From: Chris Rees <utisoft@googlemail.com> To: Tim Judd <tajudd@gmail.com> Cc: freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: kern.securelevel Message-ID: <b79ecaef0906211310j5ea3a85em328100d207fbc0e6@mail.gmail.com> In-Reply-To: <ade45ae90906181843j7c33a56dkd79c777ad67ff5cc@mail.gmail.com> References: <ade45ae90906181843j7c33a56dkd79c777ad67ff5cc@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
2009/6/19 Tim Judd <tajudd@gmail.com>: > Something dawned on me. =A0FreeBSD/Open/Net are all well secured > systems. =A0On an Internet-facing router, would applying a higher > kern.securelevel provide any better, tighter, higher security if the > machine was broken into? =A0Given you need to lower the securelevel > before multiuser, it is a reasonable to think raising the securelevel > will give higher comfort feeling? > > > I know this is a logical/thinking/mind question, but that's what I'm aski= ng for. > By all means raise your securelevel if you're happy with firewall rules, and don't ever need to change flags on files, but really, unless you expect root to be broken, it's kinda annoying. Just disallow root access to EVERYTHING, ssh, telnet (if you're mad enough to run it facing the net), ftp, etc. Chris --=20 A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in a mailing list?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b79ecaef0906211310j5ea3a85em328100d207fbc0e6>