Date: Thu, 17 Jun 1999 09:45:20 -0500 (CDT) From: James Wyatt <jwyatt@RWSystems.net> To: "Andy V. Oleynik" <andyo@mail.prime.net.ua> Cc: Richard Childers <rchilders@hamquist.com>, security@FreeBSD.ORG Subject: Re: some nice advice.... Message-ID: <Pine.BSF.4.05.9906170936390.23319-100000@kasie.rwsystems.net> In-Reply-To: <Pine.BSF.3.96.990617154651.16338A-100000@mail.prime.net.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 17 Jun 1999, Andy V. Oleynik wrote: > chflags schg /kernel > > On Thu, 17 Jun 1999, Richard Childers wrote: > > "My kernel is set schg ..." > > > > Could you please expand on this ? I would think 'expand' would result in more text than the quited original. Something like: "man chflags would tell you what schg means" btw: 'apropos schg' returns 'schg: nothing appropriate' Ugh! The 'schg' (system immutable) flag can be set by root to prevent *anyone* from changing a file, including root. It takes effect when you run at a more secure 'syslevel' and enhances security while running. It usually does not cover stuff buried in rc.* scripts on reboot, though. I suppose that you could set 'schg' on the rc.files and directories as well... - Jy@ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9906170936390.23319-100000>