Date: Fri, 13 Nov 1998 02:04:33 -0800 (PST) From: jkb@FreeBSD.ORG To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: docs/8674: securelevel 3 is not documented Message-ID: <199811131004.CAA13902@shell6.ba.best.com>
next in thread | raw e-mail | index | archive | help
>Number: 8674 >Category: docs >Synopsis: securelevel 3 is not documented >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-doc >State: open >Quarter: >Keywords: >Date-Required: >Class: doc-bug >Submitter-Id: current-users >Arrival-Date: Fri Nov 13 02:10:00 PST 1998 >Last-Modified: >Originator: Jan B. Koum >Organization: None >Release: FreeBSD 2.2.7-STABLE i386 >Environment: 2.2, 3.0 branches, all platforms >Description: Securelevel 3 is not documented in init's man page. >How-To-Repeat: man init See also docs/7785 >Fix: Since /etc/rc sets up up firewall (from rc.network) before it changes securelevel, all we need to change is init's man page and /etc/rc.conf: rafraf# diff -u init.8.orig init.8 --- init.8.orig Fri Nov 13 01:40:29 1998 +++ init.8 Fri Nov 13 01:49:30 1998 @@ -113,6 +113,10 @@ but also inhibits running .Xr newfs 8 while the system is multi-user. +.It Ic 3 +Network secure mode \- same as highly secure mode, plus firewall +rules in the kernel can not be modified via utilites such as +.Xr ipfw 8 . .El .Pp If the security level is initially -1, then rafraf# diff -u rc.conf.orig rc.conf --- rc.conf.orig Fri Nov 13 02:01:32 1998 +++ rc.conf Fri Nov 13 02:01:44 1998 @@ -169,7 +169,7 @@ ldconfig_paths="/usr/lib/compat /usr/X11R6/lib /usr/local/lib" # shared library search paths ldconfig_paths_aout="/usr/lib/compat/aout /usr/X11R6/lib/aout /usr/local/lib/aout" # a.out shared library search paths kern_securelevel_enable="NO" # kernel security level (see init(8)), -kern_securelevel="-1" # range: -1..2 ; `-1' is the most insecure +kern_securelevel="-1" # range: -1..3 ; `-1' is the most insecure ############################################################## ### Allow local configuration override at the very end here ## >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199811131004.CAA13902>