From: Archie Cobbs
Message-Id: <199908191819.LAA94866@bubba.whistle.com>
Subject: Re: Securelevel 3 ant setting time
In-Reply-To: from "Lowkrantz, Goran" at "Aug 18, 1999 09:54:53 pm"
To: Goran.Lowkrantz@infologigruppen.se (Lowkrantz Goran)
Date: Thu, 19 Aug 1999 11:19:18 -0700 (PDT)
Cc: freebsd-security@FreeBSD.ORG ('freebsd-security@FreeBSD.ORG')

Lowkrantz, Goran writes:
> Just found that I can't correct the time on my firewall, running at security
> level 3. When I try I get the following:
>
> date: settimeofday (timeval): Operation not permitted
>
> Is this by design? If so, why?

Yes, this is to prevent attacks that use wrong time settings.
You are allowed to change the time a little bit, just not a lot.

The solution would be to do something like this..

 - At boot time, before setting the securelevel, run ntpdate
 - Run xntpd normally

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com
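The boot ordering suggested in the reply, sketched as an added example that is not part of the original message or of FreeBSD's own rc scripts: step the clock with ntpdate while the securelevel is still low, raise the securelevel, then start xntpd for small ongoing corrections. The server name, the target level and the function names are assumptions, as is the threshold of 2, which follows the init(8) description of securelevel 2 restricting clock changes.

```sh
#!/bin/sh
# Added example: clock step -> securelevel raise -> NTP daemon, in that order.
# NTP_SERVER is a placeholder; the command names can be overridden.
NTP_SERVER="${NTP_SERVER:-ntp.example.org}"
TARGET_LEVEL="${TARGET_LEVEL:-3}"
SYSCTL="${SYSCTL:-sysctl}"
NTPDATE="${NTPDATE:-ntpdate}"
XNTPD="${XNTPD:-xntpd}"

# Report what may still be done to the clock at a given securelevel.
# Assumption: levels 2 and above refuse large time changes.
clock_policy() {
    if [ "$1" -ge 2 ]; then
        echo slew-only
    else
        echo step
    fi
}

# Run once at boot. If the securelevel has already been raised, the large
# correction is skipped instead of failing with "Operation not permitted".
boot_time_sync() {
    level=$($SYSCTL -n kern.securelevel) || return 1
    if [ "$(clock_policy "$level")" = step ]; then
        # -b forces a step, which is the large correction that
        # will be refused once the securelevel is raised.
        $NTPDATE -b "$NTP_SERVER" || echo "warning: ntpdate failed" >&2
        $SYSCTL -w kern.securelevel="$TARGET_LEVEL" >/dev/null || return 1
    else
        echo "securelevel is already $level: clock step skipped" >&2
    fi
    # From here on only the daemon's small adjustments are needed.
    $XNTPD
}

# Only act when invoked explicitly, e.g. from a local boot script.
if [ "${1:-}" = "--run" ]; then
    boot_time_sync
fi
```
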