From: Mel Flynn
To: freebsd-questions@freebsd.org
Date: Sun, 21 Jun 2009 17:39:27 -0800
Subject: Re: kern.securelevel
References: <441vpdmr31.fsf@lowell-desk.lan>
Message-Id: <200906211739.28012.mel.flynn+fbsd.questions@mailing.thruhere.net>

On Sunday 21 June 2009 12:30:26 Tim Judd wrote:
> On 6/21/09, Lowell Gilbert wrote:
> > Tim Judd writes:
> > > Something dawned on me. FreeBSD/Open/Net are all well secured
> > > systems. On an Internet-facing router, would applying a higher
> > > kern.securelevel provide any better, tighter, higher security if the
> > > machine was broken into? Given you need to lower the securelevel
> > > before multiuser, is it reasonable to think raising the securelevel
> > > will give a higher comfort feeling?
> >
> > I can't understand your last sentence.
>
> Let me try to rephrase it.
> When securelevel is raised, to lower it to accomplish a task such as
> installworld or something, you have to comment/lower the level in the
> rc.conf and reboot in order to reach the lower level.

Actually, securelevel is often used to prevent editing of /etc files during
service time, as mounts cannot be set to write once marked read-only. So one
would first have to reboot, go into single-user mode and then do installworld.
The reason to prevent access to /etc is to prevent exploits on the next reboot,
by starting a service or modifying the path to a service. You would have to
see how much you change files in /etc and whether the application in question
can be configured without editing, as with pf using tables and anchors. That's
one aspect of what Lowell Gilbert means by "getting in the way of operations
you need".

> I dunno, this is a new idea I had on internet-facing routers (not
> necessarily for secured servers or anything). Just trying to get the
> public's feel of who might be using it, why they're using it, and if
> they feel safer using it.

For pf there's an additional advantage to const tables: they cannot be
modified at all if securelevel is 2. I use such a table for the private
networks that cannot enter $ext_if.

Overall, securelevel should be seen as reinforced doors inside the house: they
slow down or prevent more disaster once a thief is already inside.
-- 
Mel
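The setup Mel describes (securelevel raised from rc.conf, a const pf table for the private networks, /etc files locked with schg) as an added example; this is editor-supplied code, not from the thread or from FreeBSD's own rc scripts. The interface name em0, the table name "private", the file paths and the audit helper are assumptions made for illustration. Besides the two config samples it carries an offline audit that reads them back and reports whether the "reinforced doors" are actually in place, so it runs without a FreeBSD host; only lock_config_files needs one.

```shell
#!/bin/sh
# Added example, not from the thread or from FreeBSD's own rc scripts:
# the securelevel + pf "const table" setup as config samples, plus an
# offline audit of them. Interface em0, the table name "private" and the
# file paths are assumptions made for illustration.
set -eu

# Constructed sample of the rc.conf lines involved. rc(8) raises
# kern.securelevel at the end of the multi-user boot, so once the box is
# up the only way down is to change this file and reboot.
write_sample_rc_conf() {
    cat > "$1" <<'EOF'
pf_enable="YES"
pf_rules="/etc/pf.conf"
kern_securelevel_enable="YES"
kern_securelevel="2"
EOF
}

# Constructed sample pf.conf: a const table of RFC 1918 space blocked
# inbound on the external interface. A const table refuses
# "pfctl -t private -T add/delete" once the rules are loaded; at
# securelevel 2 the rule set as a whole can no longer be reloaded either.
write_sample_pf_conf() {
    cat > "$1" <<'EOF'
ext_if = "em0"
table <private> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }
block in quick on $ext_if from <private> to any
pass out on $ext_if keep state
EOF
}

# Print the securelevel an rc.conf will set, or -1 (the kernel default,
# which rc leaves alone) when kern_securelevel_enable is not YES.
configured_securelevel() {
    enabled=$(sed -n 's/^kern_securelevel_enable="\([^"]*\)".*/\1/p' "$1" | tail -n 1)
    level=$(sed -n 's/^kern_securelevel="\([^"]*\)".*/\1/p' "$1" | tail -n 1)
    if [ "$enabled" = "YES" ] && [ -n "$level" ]; then
        printf '%s\n' "$level"
    else
        printf '%s\n' -1
    fi
}

# Succeed if pf.conf declares table <name> as const, i.e. its contents are
# fixed at rule-load time and cannot be edited with pfctl afterwards.
table_is_const() {
    sed -n "s/^[[:space:]]*table[[:space:]]*<$2>\([^{]*\).*/\1/p" "$1" | grep -qw const
}

# Combined check: securelevel of at least 2 and a const table for the
# networks that must never come in on the external interface.
audit_router_config() {
    level=$(configured_securelevel "$1")
    if [ "$level" -lt 2 ]; then
        echo "securelevel $level: rule set and schg-flagged /etc files stay editable at runtime" >&2
        return 1
    fi
    if ! table_is_const "$2" private; then
        echo "table <private> is not const: root could still empty it with pfctl -T delete" >&2
        return 1
    fi
    echo "ok: securelevel $level, table <private> is const"
}

# Make files system-immutable. While securelevel is >= 1 the schg flag
# cannot be cleared, so editing them means the reboot-to-single-user
# path. FreeBSD-specific; refuses to run anywhere else.
lock_config_files() {
    if [ "$(uname -s)" != FreeBSD ]; then
        echo "chflags schg is a FreeBSD operation; not applied on $(uname -s)" >&2
        return 1
    fi
    chflags schg "$@"
}

# Usage: sh securelevel_audit.sh demo   (writes the samples to a temp dir)
if [ "${1:-}" = demo ]; then
    dir=$(mktemp -d)
    write_sample_rc_conf "$dir/rc.conf"
    write_sample_pf_conf "$dir/pf.conf"
    audit_router_config "$dir/rc.conf" "$dir/pf.conf"
    rm -r "$dir"
fi
```

On a real router the two samples would be appended to /etc/rc.conf and /etc/pf.conf, followed by `lock_config_files /etc/rc.conf /etc/pf.conf` and a reboot; after that, both the securelevel and the schg flags hold until the next trip through single-user mode, which is exactly the operational cost Lowell and Mel are trading against.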