Date: Thu, 02 Oct 2008 13:44:21 -0400 From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> To: "DSA - JCR" <juancr@dsa.es> Cc: freebsd-questions@freebsd.org Subject: Re: Securing system with kern.securelevel Message-ID: <44iqsayjre.fsf@be-well.ilk.org> In-Reply-To: <54674.217.114.136.134.1222857247.squirrel@mail.dsa.es> (DSA's message of "Wed\, 1 Oct 2008 10\:34\:07 -0000 \(GMT\)") References: <54674.217.114.136.134.1222857247.squirrel@mail.dsa.es>
next in thread | previous in thread | raw e-mail | index | archive | help
"DSA - JCR" <juancr@dsa.es> writes: > I would like to use securelevel to secure a backup schedluded box made > with FreeBSD. > > This box mount and unmount external USB disk where the backup is made once > a week. In that case, you can't set the securelevel higher than 1. > Which would be the correct secure level ? 1, 2, or 3? 0 or 1. > I don't want nobody modify scripts and root things, like adding a user to > make the thing by itself, ... or modify my crontab scripts, etc... Is this a machine that typically has users logging into it? If not, I would concentrate on securing the login procedures available rather than working on limiting the abilities of accounts once they have access to the machine. Securelevel is useful in a fairly narrow range of situations: some of the less obvious are that you have to be sure that you will notice quickly if the machine reboots, and the machine has to be physically secure. > Also, where i must put the kern.securelevel? Set it in rc.conf. > I didnt understood very well in the manual and handbook in which part of > the bootin process (rc) i must put the line in rc.conf? See the manual for rc.conf(5). You will want the kern_securelevel_enable and kern_securelevel variables. -- Lowell Gilbert, embedded/networking software engineer, Boston area http://be-well.ilk.org/~lowell/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44iqsayjre.fsf>