Date: Wed, 16 Dec 1998 04:57:10 -0800 From: "Jan B. Koum " <jkb@best.com> To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>, Jay Tribick <netadmin@fastnet.co.uk> Cc: Mark Newton <newton@camtech.com.au>, FREEBSD-SECURITY@FreeBSD.ORG Subject: Re: append-only devices for logging Message-ID: <19981216045710.C24315@best.com> In-Reply-To: <30042.913284025@zippy.cdrom.com>; from Jordan K. Hubbard on Thu, Dec 10, 1998 at 02:00:25AM -0800 References: <Pine.BSF.4.05.9812100906050.9677-100000@bofh.fast.net.uk> <30042.913284025@zippy.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Dec 10, 1998 at 02:00:25AM -0800, "Jordan K. Hubbard" <jkh@zippy.cdrom.com> wrote: > > True but if they have root then they can quite easily alter /etc/rc.local > > Anyone setting their securelevel to 2 and *meaning* it will have also > chflag'd many of the files in / (including this one) to be effectively > read-only. There's no point in locking all your doors and leaving a > window open, after all, and anyone clueful enough to run at such a > high secure level should also be clueful enough to know where all the > obvious doors and windows (like this one) are. :-) > > - Jordan > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message Sorry to bring up the week old thread folks, but as a note: if/when you do really want to take advantage of the securelevels 2 or 3, your system pretty much becomes manageable via console from a single user mode: % ls -lod . drwxr-xr-x 12 root wheel schg 512 Dec 12 01:38 . % ls -lod .. drwxr-xr-x 12 root wheel schg 512 Dec 12 01:38 .. % ls -loid / 2 drwxr-xr-x 12 root wheel schg 512 Dec 12 01:38 / % ls -loid /etc/rc* 15444 -r--r--r-- 1 root wheel schg 8246 Dec 11 15:58 /etc/rc 15565 -r--r--r-- 1 root wheel schg 8261 Dec 15 19:19 /etc/rc.conf 15890 -r--r--r-- 1 root wheel schg 8238 Dec 10 02:58 /etc/rc.conf.previous 15502 -r--r--r-- 1 root wheel schg 6946 Dec 12 00:15 /etc/rc.firewall 15892 -r--r--r-- 1 root wheel schg 2848 Dec 10 02:58 /etc/rc.i386 15893 -r--r--r-- 1 root wheel schg 641 Dec 10 02:58 /etc/rc.local 15894 -r--r--r-- 1 root wheel schg 7923 Dec 10 02:58 /etc/rc.network 15895 -r--r--r-- 1 root wheel schg 373 Dec 10 02:58 /etc/rc.pccard 15896 -r--r--r-- 1 root wheel schg 3368 Dec 10 02:58 /etc/rc.serial [snip] [daily/weekly/security/monthly/syslog.conf/ssh*] goes here -- Yan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19981216045710.C24315>