From: Tim Judd
To: freebsd-questions
Date: Sun, 21 Jun 2009 14:30:26 -0600
Subject: Re: kern.securelevel
In-Reply-To: <441vpdmr31.fsf@lowell-desk.lan>

On 6/21/09, Lowell Gilbert wrote:
> Tim Judd writes:
>
>> Something dawned on me. FreeBSD/Open/Net are all well secured
>> systems. On an Internet-facing router, would applying a higher
>> kern.securelevel provide any better, tighter, higher security if the
>> machine was broken into? Given you need to lower the securelevel
>> before multiuser, it is a reasonable to think raising the securelevel
>> will give higher comfort feeling?
>
> I can't understand your last sentence.

Let me try to rephrase it. When securelevel is raised, to lower it to accomplish a task such as installworld or something, you have to comment/lower the level in the rc.conf and reboot in order to reach the lower level. Once the lower level is reached (after a reboot, including assuming maybe SUM might be able to change it), you can do your installworld and then re-raise the securelevel back up.

Keeping the securelevel up means that nothing (poor choice of word.. "nothing" in terms of the perfect world and no SA's are announced or anything) can be compromised and altered without first losing the connection to the box.

I dunno, this is a new idea I had on internet-facing routers (not necessarily for secured servers or anything). Just trying to get the public's feel of who might be using it, why they're using it, and if they feel safer using it.

I would love to hear if any popular corporations (big names, like Yahoo, HP, etc.) are using this kind of secured approach.

>
> The obvious thing is that a raised securelevel only helps if it doesn't
> get in the way of operations you need to do. A bit less obvious is that
> it only helps if you are sure you will know if the system reboots.

I would gladly put myself through the headache of the lower/reboot/change config/raise if I can see if it makes sense to the other big names that it's helping them stay secure.

The other idea I had was to mark for example ttyv0-7 secure (preferably marking only ttyd0 on serial console secure), leaving the rest insecure, raising securelevel and working that angle.

This is a post very seriously asking opinions on the securelevel mechanism, and I am asking for people's opinion. I know everyone is different, but I am trying to get a feel for the public use of it.

--Tim
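
The caveat quoted above, that a raised securelevel only helps if you are sure you will know when the system reboots, can be turned into a periodic check. The script below is an added example, not part of the original message; the expected level, the state file path and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: alert when kern.securelevel is below the expected value
# or when the machine has rebooted since the boot time was last recorded.
EXPECTED_LEVEL=2                                 # assumed site policy
STATE_FILE=/var/db/securelevel_watch.boottime    # hypothetical path

# Extract epoch seconds from `sysctl -n kern.boottime` output, e.g.
# { sec = 1245616226, usec = 407123 } Sun Jun 21 14:30:26 2009
parse_boottime() {
    printf '%s\n' "$1" | sed -n 's/^{ sec = \([0-9][0-9]*\),.*/\1/p'
}

# audit EXPECTED CURRENT RECORDED_BOOT CURRENT_BOOT
# Prints one finding per line; returns 0 when clean, 1 otherwise.
# An empty RECORDED_BOOT means no baseline exists yet (first run).
audit() {
    rc=0
    if [ "$2" -lt "$1" ]; then
        echo "ALERT securelevel is $2, expected at least $1"
        rc=1
    fi
    if [ -n "$3" ] && [ "$3" != "$4" ]; then
        echo "ALERT boot time changed from $3 to $4: unrecorded reboot"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK securelevel $2, no unrecorded reboot"
    fi
    return "$rc"
}

# Live run (from cron, for example); skipped on anything but FreeBSD.
if [ "$(uname -s)" = "FreeBSD" ]; then
    level=$(sysctl -n kern.securelevel)
    boot=$(parse_boottime "$(sysctl -n kern.boottime)")
    recorded=$(cat "$STATE_FILE" 2>/dev/null)
    audit "$EXPECTED_LEVEL" "$level" "$recorded" "$boot"
    # Record a baseline on first run only; after a planned reboot the
    # operator refreshes it by hand.
    [ -n "$recorded" ] || echo "$boot" > "$STATE_FILE"
fi
```

A baseline stored on the same host can be altered by whoever controls that host, so sending the two values to a separate log host gives a more trustworthy record.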