Date: Sun, 21 Jun 2009 14:30:26 -0600
From: Tim Judd <tajudd@gmail.com>
To: freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: kern.securelevel
Message-ID: <ade45ae90906211330se2b7d39p3eaf652f2c09cce8@mail.gmail.com>
In-Reply-To: <441vpdmr31.fsf@lowell-desk.lan>
References: <ade45ae90906181843j7c33a56dkd79c777ad67ff5cc@mail.gmail.com> <441vpdmr31.fsf@lowell-desk.lan>
On 6/21/09, Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> wrote:
> Tim Judd <tajudd@gmail.com> writes:
>
>> Something dawned on me. FreeBSD/Open/Net are all well secured
>> systems. On an Internet-facing router, would applying a higher
>> kern.securelevel provide any better, tighter, higher security if the
>> machine was broken into? Given you need to lower the securelevel
>> before multiuser, is it reasonable to think raising the securelevel
>> will give a higher comfort feeling?
>
> I can't understand your last sentence.

Let me try to rephrase it. When securelevel is raised, to lower it to accomplish a task such as installworld or something, you have to comment/lower the level in the rc.conf and reboot in order to reach the lower level. Once the lower level is reached (after a reboot, including assuming maybe SUM might be able to change it), you can do your installworld and then re-raise the securelevel back up.

Keeping the securelevel up means that nothing (poor choice of word.. "nothing" in terms of the perfect world and no SA's are announced or anything) can be compromised and altered without first losing the connection to the box.

I dunno, this is a new idea I had on internet-facing routers (not necessarily for secured servers or anything). Just trying to get the public's feel of who might be using it, why they're using it, and if they feel safer using it. I would love to hear if any popular corporations (big names, like yahoo, hp, etc) are using this kind of secured approach.

> The obvious thing is that a raised securelevel only helps if it doesn't
> get in the way of operations you need to do. A bit less obvious is that
> it only helps if you are sure you will know if the system reboots.

I would gladly put myself through the headache of the lower/reboot/change config/raise if I can see if it makes sense to the other big names that it's helping them stay secure.

The other idea I had was to mark for example ttyv0-7 secure (preferably marking only ttyd0 on serial console secure), leaving the rest insecure, raising securelevel and working that angle.

This is a post very seriously asking opinions on the securelevel mechanism, and I am asking for people's opinion. I know everyone is different, but I am trying to get a feel for the public use of it.

--Tim
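As an added example (not part of the thread, and not FreeBSD's own tooling), the following POSIX sh audit checks the two settings the message above turns on: whether rc.conf will have rc.d/securelevel raise kern.securelevel at boot, and which /etc/ttys entries still carry the "secure" flag (the one that lets root log in on that line directly). It reads both files and reports, so it can be run against copies of the real files before a reboot. The rc.conf variable names (kern_securelevel_enable, kern_securelevel) and the ttys secure/insecure flags are FreeBSD's; the sample files are constructed, the serial console is named ttyd0 as in the post (newer releases call it ttyu0), and the function names are my own.

```shell
#!/bin/sh
# Added example: audit rc.conf and /etc/ttys for the securelevel posture
# discussed in the thread. Sample inputs below are constructed.

# Securelevel that rc.d/securelevel would set at boot from the given rc.conf.
# Prints -1 when kern_securelevel_enable is not set to a value checkyesno
# accepts (yes/true/on/1), since the level is then left at its default.
rcconf_securelevel() {
    enable=$(sed -n 's/^kern_securelevel_enable="*\([^"#]*\)"*.*/\1/p' "$1" | tail -n 1)
    level=$(sed -n 's/^kern_securelevel="*\([^"#]*\)"*.*/\1/p' "$1" | tail -n 1)
    case "$enable" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) printf '%s\n' "${level:--1}" ;;
        *) printf '%s\n' "-1" ;;
    esac
}

# Names of the ttys in an /etc/ttys file whose flags include "secure".
# The getty field is a quoted string with a space, so fields are scanned
# for the exact token rather than indexed by position.
secure_ttys() {
    awk '$1 !~ /^#/ && NF > 0 {
            for (i = 2; i <= NF; i++) if ($i == "secure") { print $1; break }
         }' "$1"
}

# Posture check: returns 0 when securelevel is raised at boot and only the
# console tty named in $3 is marked secure; returns 1 and explains otherwise.
audit_securelevel() {
    rcconf=$1; ttys=$2; console_tty=$3
    level=$(rcconf_securelevel "$rcconf")
    if [ "$level" -lt 1 ]; then
        echo "securelevel is not raised at boot (rc.conf yields $level)"
        return 1
    fi
    status=0
    for t in $(secure_ttys "$ttys"); do
        if [ "$t" != "$console_tty" ]; then
            echo "$t is marked secure: root may log in there directly"
            status=1
        fi
    done
    echo "securelevel $level at boot, secure tty check: $status"
    return $status
}

# Constructed sample files (a weak and a hardened variant of each).
tmp=${TMPDIR:-/tmp}/securelevel-audit.$$
mkdir -p "$tmp"
cat > "$tmp/rc.conf.weak" <<'EOF'
# constructed sample: securelevel left at its default
hostname="router.example"
kern_securelevel_enable="NO"
kern_securelevel="-1"
EOF
cat > "$tmp/rc.conf.hardened" <<'EOF'
# constructed sample: raised to 2 at boot by rc.d/securelevel
hostname="router.example"
kern_securelevel_enable="YES"
kern_securelevel="2"
EOF
cat > "$tmp/ttys.default" <<'EOF'
# constructed sample, abbreviated from a stock layout: everything secure
console none                            unknown off secure
ttyv0   "/usr/libexec/getty Pc"         cons25  on  secure
ttyv1   "/usr/libexec/getty Pc"         cons25  on  secure
ttyd0   "/usr/libexec/getty std.9600"   dialup  on  secure
EOF
cat > "$tmp/ttys.hardened" <<'EOF'
# constructed sample: only the serial console line keeps the secure flag
console none                            unknown off insecure
ttyv0   "/usr/libexec/getty Pc"         cons25  on  insecure
ttyv1   "/usr/libexec/getty Pc"         cons25  on  insecure
ttyd0   "/usr/libexec/getty std.9600"   dialup  on  secure
EOF

# Usage: the first two combinations fail the audit, the last passes.
audit_securelevel "$tmp/rc.conf.weak" "$tmp/ttys.hardened" ttyd0
audit_securelevel "$tmp/rc.conf.hardened" "$tmp/ttys.default" ttyd0
audit_securelevel "$tmp/rc.conf.hardened" "$tmp/ttys.hardened" ttyd0
```

The check only reads configuration; it cannot tell whether the running kernel has already been raised (that is `sysctl kern.securelevel` on the box itself), and it says nothing about the reboot-detection point Lowell raises, which needs a monitor outside the host.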
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ade45ae90906211330se2b7d39p3eaf652f2c09cce8>