From owner-freebsd-questions  Thu Jan 22 07:23:23 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id HAA21410
          for questions-outgoing; Thu, 22 Jan 1998 07:23:23 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from gwdu60.gwdg.de (gwdu60.gwdg.de [134.76.10.60])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA21399
          for <freebsd-questions@FreeBSD.ORG>; Thu, 22 Jan 1998 07:23:20 -0800 (PST)
          (envelope-from kheuer@gwdu60.gwdg.de)
Received: from localhost (kheuer@localhost)
	by gwdu60.gwdg.de (8.8.5/8.8.5) with SMTP id QAA05630
	for <freebsd-questions@FreeBSD.ORG>; Thu, 22 Jan 1998 16:22:50 +0100 (CET)
Date: Thu, 22 Jan 1998 16:22:50 +0100 (CET)
From: Konrad Heuer <kheuer@gwdu60.gwdg.de>
To: freebsd-questions@FreeBSD.ORG
Subject: How to Raise Security Level?
Message-ID: <Pine.BSF.3.96.980122160636.5618A-100000@gwdu60.gwdg.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk


As far as I know FreeBSD supports the 4.4BSD concept of running
the system in a definite security level to protect special files
against modification etc.

`sysctl -a' shows that the system by default runs in level `-1'
which means `always insecure'.

So how should I increase the security level for example to `1'
(= secure) in multi-user mode and to `0' in single-user mode?

Can it simply be done with `sysctl' or will this raise some
difficulties in standard multi-user mode (apart from the fact that the
kernel might only be replaced and the system log might only be truncated
in single-user mode)?

Thanks for any information!

Konrad Heuer, GWDG, Goettingen, Germany
(kheuer@gwdu60.gwdg.de)