Date: Thu, 27 Jan 2005 18:16:14 -0500
From: Chuck Swiger <cswiger@mac.com>
To: Sean Murphy <smurphy@calarts.edu>
Cc: freebsd-questions@freebsd.org
Subject: Re: kern secure level help
Message-ID: <41F9763E.9050200@mac.com>
In-Reply-To: <41F96A35.6090507@calarts.edu>
References: <41F96A35.6090507@calarts.edu>

Sean Murphy wrote:
> I guess by default FreeBSD runs at -1

That's right.

> what would most of you recommend doing? is this primarily to keep local
> users (ssh) in check? does it help in remote attacks (buffer overflow)
> is it even needed?

Read "man securelevel" and see for yourself what it does.

High securelevels are intended for dedicated appliances like network firewalls which do not have interactive users, generally are not offering services to the world, are expected to be configured once, and then left alone for long periods of time.

Setting a securelevel does not help in remote-access compromises like buffer overflows in system daemons, which is why they are not particularly useful for machines supporting interactive logins and offering network services. For those, running portaudit and keeping the base-system and ports up to date is more helpful...

--
-Chuck