From owner-freebsd-security Fri Aug 28 15:16:25 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA01073 for freebsd-security-outgoing; Fri, 28 Aug 1998 15:16:25 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from shell6.ba.best.com (shell6.ba.best.com [206.184.139.137]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA01064 for ; Fri, 28 Aug 1998 15:16:18 -0700 (PDT) (envelope-from jkb@best.com) Received: from localhost (jkb@localhost) by shell6.ba.best.com (8.9.0/8.9.0/best.sh) with SMTP id PAA20835; Fri, 28 Aug 1998 15:15:18 -0700 (PDT) X-Authentication-Warning: shell6.ba.best.com: jkb owned process doing -bs Date: Fri, 28 Aug 1998 15:15:18 -0700 (PDT) From: "Jan B. Koum " X-Sender: jkb@shell6.ba.best.com To: Zahemszky Gabor cc: security@FreeBSD.ORG Subject: Re: post breakin log In-Reply-To: <199808280832.KAA00493@CoDe.hu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In 3.0 you can do so within /etc/rc.conf: kern_securelevel_enable="NO" # kernel security level (see init(8)), kern_securelevel="-1" # range: -1..2 ; `-1' is the most insecure Which in turn sets this in the very end of /etc/rc: % tail -10 rc # Raise kernel security level. This should be done only after `fsck' has # repaired local file systems if you want the securelevel to be greater than 1. if [ "X${kern_securelevel_enable}" != X"NO" -a "${kern_securelevel}" -ge 0 ]; then echo 'Raising kernel security level' sysctl -w kern.securelevel=${kern_securelevel} fi date exit 0 % -- Yan www.best.com/~jkb/ Unix users of the world unite: www.{free,open,net}bsd.org | www.linux.org | www.apache.org | www.perl.com "Turn up the lights, I don't want to go home in the dark." On Fri, 28 Aug 1998, Zahemszky Gabor wrote: >> Brian Behlendorf wrote in message ID >> <19980827182323.6798.qmail@hyperreal.org>: >> > Is there a fool-proof way to get user histories like this? I got one once >> > only because the cracker was lame enough to forget to delete his >> > .bash_history file. Presuming root isn't compromised of course... >> >> Force the history files to be created with uappend flag set and run with a non >> zero security level. > >Please! What is the correct way to change security-level? Where can I do it? >Yes, I know that in rc*, but which? And where? > >ZGabor at CoDe dot HU > >-- >#!/bin/ksh >Z='21N16I25C25E30, 40M30E33E25T15U!' ;IFS=' ABCDEFGHIJKLMNOPQRSTUVWXYZ ';set $Z ;for i { [[ $i = ? ]]&&print $i&&break;[[ $i = ??? ]]&&j=$i&&i=${i%?};typeset -i40 i=8#$i;print -n ${i#???};[[ "$j" = ??? ]]&&print -n "${j#??} "&&j=;typeset +i i;};IFS=' 0123456789 ';set $Z;X=;for i { [[ $i = , ]]&&i=2;[[ $i = ?? ]]||typeset -l i;X="$X $i";typeset +l i;};print "$X" > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message