From: twig les
Date: Wed, 19 Jun 2002 09:55:07 -0700 (PDT)
To: Maxlor, "freebsd-security@FreeBSD.ORG"
Subject: Re: preventing tampering with tripwire
Message-ID: <20020619165507.43204.qmail@web10103.mail.yahoo.com>
In-Reply-To: <2799555.1024487443@[10.0.0.16]>

> - Change kern.securelevel to 1. This prevents modifying any file which has
> the schg flag set. The securelevel cannot be lowered without a reboot. I've
> got to think a bit about how preventing a lowering through rebooting...
> maybe schg'ing /etc/rc and /etc/rc.conf?

I bet an attacker would be pretty annoyed if he rooted your box, knew FreeBSD well enough to know the schg trick, rebooted, then found out that you had set a BIOS passwd. He'd have to be local and have a screwdriver :). Of course your remote admin would take a hit so it's up to circumstances whether you can do that or not.

=====
-----------------------------------------------------------
Only fools have all the answers.
-----------------------------------------------------------
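An audit of the setup discussed in this thread (securelevel at 1 or higher, with schg set on /etc/rc and /etc/rc.conf), as an added example that is not part of the original messages. The function names `missing_schg` and `audit`, the `BOOT_FILES` list and the sample listing are constructed for illustration; paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: check that the securelevel/schg protection is actually in place.
# BOOT_FILES is an assumption; the thread names only these two files.
BOOT_FILES="/etc/rc /etc/rc.conf"

# Read FreeBSD `ls -lo` lines on stdin. Field 5 is the comma-separated
# flags column ("-" when no flags are set). Print each path lacking schg.
missing_schg() {
    awk '{
        n = split($5, flags, ",")
        found = 0
        for (i = 1; i <= n; i++) if (flags[i] == "schg") found = 1
        if (!found) print $NF
    }'
}

# audit LEVEL   (LEVEL = value of kern.securelevel, `ls -lo` listing on stdin)
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit() {
    level=$1
    status=0
    if [ "$level" -lt 1 ]; then
        # Below securelevel 1, root can simply clear schg again.
        echo "securelevel=$level: schg flags can still be removed by root"
        status=1
    fi
    for f in $(missing_schg); do
        echo "no schg flag: $f"
        status=1
    done
    return $status
}

# Constructed sample listing: /etc/rc is protected, /etc/rc.conf is not.
SAMPLE_LISTING='-r--r--r--  1 root  wheel  schg 3984 Jun 10 12:00 /etc/rc
-rw-r--r--  1 root  wheel  -    1201 Jun 18 09:12 /etc/rc.conf'

# Demo on the constructed sample (reports /etc/rc.conf).
printf '%s\n' "$SAMPLE_LISTING" | audit 1 || true

# On a live FreeBSD host:
#   ls -lo $BOOT_FILES | audit "$(sysctl -n kern.securelevel)"
```

A clean result only covers the files listed in `BOOT_FILES`; anything else the boot sequence reads before the securelevel is raised needs the same check.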