From owner-freebsd-questions@FreeBSD.ORG Thu Jan 27 22:24:54 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EF89816A4CE for ; Thu, 27 Jan 2005 22:24:54 +0000 (GMT) Received: from muse.calarts.edu (muse.calarts.edu [198.182.157.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1EEAA43D4C for ; Thu, 27 Jan 2005 22:24:54 +0000 (GMT) (envelope-from smurphy@calarts.edu) Received: from [198.182.157.20] ([198.182.157.20]) by muse.calarts.edu (8.11.7p1+Sun/8.11.7) with ESMTP id j0RMOrw23114 for ; Thu, 27 Jan 2005 14:24:53 -0800 (PST) Message-ID: <41F96A35.6090507@calarts.edu> Date: Thu, 27 Jan 2005 14:24:53 -0800 From: Sean Murphy User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-questions@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: kern secure level help X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Jan 2005 22:24:55 -0000 I have read different views about implementing a secure level on FreeBSD on the web one said to implement it and gave certain things that it does at the different levels -1, 0, 1, 2 one said that it would break certain applications as the need to write to some /dev areas one even said it is a false sense of security I guess by default FeeBSD runs at -1 what would most of you recommend doing? is this primary to keep local users (ssh) in check? does it help in remote attacks (buffer overflow) is it even needed?