From owner-freebsd-security@FreeBSD.ORG Wed Feb 11 01:55:47 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1658D16A4CE for ; Wed, 11 Feb 2004 01:55:47 -0800 (PST) Received: from istanbul.enderunix.org (freefall.marmara.edu.tr [193.140.143.23]) by mx1.FreeBSD.org (Postfix) with SMTP id 4BD3543D1F for ; Wed, 11 Feb 2004 01:55:44 -0800 (PST) (envelope-from ismail@istanbul.enderunix.org) Received: (qmail 47251 invoked by uid 1003); 12 Feb 2004 09:54:05 -0000 Date: Thu, 12 Feb 2004 11:54:05 +0200 From: Ismail YENIGUL To: roberto@redix.it Message-ID: <20040212095405.GA47173@EnderUNIX.ORG> References: <1093.192.168.0.77.1076491786.squirrel@mail.redix.it> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1093.192.168.0.77.1076491786.squirrel@mail.redix.it> cc: freebsd-security@freebsd.org Subject: Re: Question about securelevel X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Feb 2004 09:55:47 -0000 Hi Did you look at securelevel manual # man securelevel regards On Wed, Feb 11, 2004 at 10:29:46AM +0100, roberto@redix.it wrote: > > I've read about securelevel in the mailing list archive, and found some > pitfalls (and seems to me to be discarded soon). > > But According to me, the following configuration should offer a good > security: > > - mount root fs read only at boot; > - set securelevel to 3; > - do not permit to unmount/remount roots fs read-write (now it is possible > by means of "mount -uw /"); > - the only way to make change at the file system is to reboot in single > user, before the securelevel is set to 3, and make the changes needed > (this means the administrator should use only the console); > > Any comments about? > > Bye, > Roberto > > > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" -- Ismail YENIGUL http://www.acikkod.com - Acikkod Yayinlari http://www.EnderUNIX.org GnuPG Key: http://yenigul.net/ismail.gpg It takes longer to lose 'x' number of pounds than to gain 'x' number of pounds.