Date: Fri, 23 Jan 1998 01:47:22 +0100 From: Eivind Eklund <eivind@yes.no> To: Konrad Heuer <kheuer@gwdu60.gwdg.de> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: How to Raise Security Level? Message-ID: <19980123014722.46113@follo.net> In-Reply-To: <Pine.BSF.3.96.980122160636.5618A-100000@gwdu60.gwdg.de>; from Konrad Heuer on Thu, Jan 22, 1998 at 04:22:50PM %2B0100 References: <Pine.BSF.3.96.980122160636.5618A-100000@gwdu60.gwdg.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jan 22, 1998 at 04:22:50PM +0100, Konrad Heuer wrote: > > As far as I know FreeBSD supports the 4.4BSD concept of running > the system in a definite security level to protect special files > against modification etc. > > `sysctl -a' shows that the system by default runs in level `-1' > which means `always insecure'. > > So how should I increase the security level for example to `1' > (= secure) in multi-user mode and to `0' in single-user mode? > > Can it simply be done with `sysctl' or will this raise some > difficulties in standard multi-user mode (apart from the fact that the > kernel might only be replaced and the system log might only be truncated > in single-user mode)? Just do a sysctl -w 'kern.securelevel=0' in rc.local, and it should be fine. The secure level will automatically be raised. It will *not* be lowered on a switch back to single-user mode; you have to reboot to lower it. This is because there have been several problems with the approach of letting init lower the securelevel. Eivind.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980123014722.46113>