Message-Id: <199811131004.CAA13902@shell6.ba.best.com>
Date: Fri, 13 Nov 1998 02:04:33 -0800 (PST)
From: jkb@FreeBSD.ORG
Reply-To: jkb@FreeBSD.ORG
To: FreeBSD-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: 3.2
Subject: docs/8674: securelevel 3 is not documented
Sender: owner-freebsd-doc@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 8674
>Category: docs
>Synopsis: securelevel 3 is not documented
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: doc-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Nov 13 02:10:00 PST 1998
>Last-Modified:
>Originator: Jan B. Koum
>Organization: None
>Release: FreeBSD 2.2.7-STABLE i386
>Environment: 2.2, 3.0 branches, all platforms
>Description: Securelevel 3 is not documented in init's man page.
>How-To-Repeat: man init
See also docs/7785
>Fix: Since /etc/rc sets up the firewall (from rc.network) before it changes securelevel, all we need to change is init's man page and /etc/rc.conf:

rafraf# diff -u init.8.orig init.8 --- init.8.orig Fri Nov 13 01:40:29 1998 +++ init.8 Fri Nov 13 01:49:30 1998 @@ -113,6 +113,10 @@ but also inhibits running .Xr newfs 8 while the system is multi-user. +.It Ic 3 +Network secure mode \- same as highly secure mode, plus firewall +rules in the kernel can not be modified via utilites such as +.Xr ipfw 8 . .El .Pp If the security level is initially -1, then rafraf# diff -u rc.conf.orig rc.conf --- rc.conf.orig Fri Nov 13 02:01:32 1998 +++ rc.conf Fri Nov 13 02:01:44 1998
@@ -169,7 +169,7 @@ ldconfig_paths="/usr/lib/compat /usr/X11R6/lib /usr/local/lib" # shared library search paths ldconfig_paths_aout="/usr/lib/compat/aout /usr/X11R6/lib/aout /usr/local/lib/aout" # a.out shared library search paths kern_securelevel_enable="NO" # kernel security level (see init(8)), -kern_securelevel="-1" # range: -1..2 ; `-1' is the most insecure +kern_securelevel="-1" # range: -1..3 ; `-1' is the most insecure ############################################################## ### Allow local configuration override at the very end here ##
>Audit-Trail:
>Unformatted:
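Review bot: In the init.8 hunk, the new `.It Ic 3` entry misspells "utilities" as "utilites", and "can not" should read "cannot". The entry also leaves out the ordering that the fix description relies on: the firewall has to be configured before the level is raised (/etc/rc does this from rc.network), because at level 3 the rules can no longer be changed. A sentence saying so in the entry would tell an administrator who raises the level by hand on a running system what to expect.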
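Review bot: In the rc.conf hunk, the updated comment on `kern_securelevel` only widens the range to `-1..3` and still sends the reader to init(8) for what each level means, so this change is only useful if the init.8 hunk lands in the same commit. Consider also noting next to the range that level 3 makes the kernel firewall rules unmodifiable, so someone choosing a value from rc.conf alone understands that the firewall settings must be complete at boot.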