From: Bryan Drewery
Date: Mon, 12 Jul 2010 17:53:10 -0500
To: Fernan Aguero
Cc: freebsd-security@freebsd.org
Subject: Re: disable (new)syslog rotation and raise securelevel ... possible?
Message-ID: <4C3B9CD6.3010207@xzibition.com>

Fernan,

You can disable newsyslog by adding newsyslog_enable="NO" to your
/etc/rc.conf or /etc/rc.conf.local.

Also be aware that you will need to reboot with
kern_securelevel_enable="NO" in one of those files, to lower the
securelevel.

You should also consider a remote syslog host.

Bryan

Fernan Aguero wrote:
> Hi,
>
> I'd like to harden my FreeBSD installation, and thus would like to, e.g.
>
> i) chflags sappnd /var/log/*
> ii) raise the securelevel of the system
>
> Is this possible? I've read elsewhere that newsyslog would not work in
> such a system ... what are the possible workarounds?
>
> I wouldn't bother taking the system down once a week or every other
> week, and manually lowering the securelevel, running newsyslog, etc.
> Is there a guide somewhere on how to go about this?
>
> Thanks!
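
An added example, not part of the original message: a POSIX shell check for the three settings named in the reply above (newsyslog disabled in rc.conf, securelevel raised at boot, a remote syslog host). The function names, the constructed sample files and the choice to require securelevel 1 or higher are assumptions of this example.

```sh
#!/bin/sh
# rc_value VAR FILE...: print VAR's value; the last assignment wins, as when
# rc.conf.local is read after rc.conf. Prints nothing if VAR is never set.
rc_value() {
    _var=$1; shift
    cat "$@" 2>/dev/null |
        sed -n "s/^[[:space:]]*${_var}=[\"']*\([^\"'#[:space:]]*\).*/\1/p" |
        tail -n 1
}

# audit_log_hardening SYSLOG_CONF RC_FILE...: one line per check; the exit
# status is the number of checks that did not pass.
audit_log_hardening() {
    _syslog=$1; shift
    _bad=0
    case "$(rc_value newsyslog_enable "$@")" in
        [Nn][Oo]) echo "ok   newsyslog_enable=NO" ;;
        *) echo "warn newsyslog_enable is not NO"; _bad=$((_bad + 1)) ;;
    esac
    _level=$(rc_value kern_securelevel "$@")
    case "$(rc_value kern_securelevel_enable "$@")" in
        [Yy][Ee][Ss])
            # At securelevel 1 and above, sappnd cannot be cleared, even by root.
            if [ "${_level:--1}" -ge 1 ] 2>/dev/null; then
                echo "ok   securelevel ${_level} set at boot"
            else
                echo "warn kern_securelevel is ${_level:-unset}, need 1 or higher"
                _bad=$((_bad + 1))
            fi ;;
        *) echo "warn kern_securelevel_enable is not YES"; _bad=$((_bad + 1)) ;;
    esac
    # A syslog.conf action starting with @ forwards messages to another host.
    if grep -Eq '^[^#]*[[:space:]]@[^[:space:]]+' "$_syslog" 2>/dev/null; then
        echo "ok   syslog.conf forwards to a remote host"
    else
        echo "warn no remote syslog host in syslog.conf"; _bad=$((_bad + 1))
    fi
    return "$_bad"
}

# Constructed sample files; rc.conf.local overrides rc.conf.
d=$(mktemp -d)
printf '%s\n' 'newsyslog_enable="YES"' 'kern_securelevel_enable="YES"' \
    'kern_securelevel="1"   # set at boot' > "$d/rc.conf"
printf '%s\n' 'newsyslog_enable="NO"' > "$d/rc.conf.local"
printf '%s\n' '#*.*  @loghost' '*.err  /var/log/messages' > "$d/syslog.conf"
audit_log_hardening "$d/syslog.conf" "$d/rc.conf" "$d/rc.conf.local" ||
    echo "$? check(s) did not pass"
```

On a real system the arguments would be /etc/syslog.conf followed by /etc/rc.conf and /etc/rc.conf.local.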