From owner-freebsd-security Wed Dec 16 04:58:08 1998
Return-Path:
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id EAA08940
          for freebsd-security-outgoing; Wed, 16 Dec 1998 04:58:08 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from shell6.ba.best.com (shell6.ba.best.com [206.184.139.137])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id EAA08935
          for ; Wed, 16 Dec 1998 04:58:07 -0800 (PST)
          (envelope-from jkb@shell6.ba.best.com)
Received: (from jkb@localhost)
          by shell6.ba.best.com (8.9.0/8.9.0/best.sh) id EAA26512;
          Wed, 16 Dec 1998 04:57:10 -0800 (PST)
Message-ID: <19981216045710.C24315@best.com>
Date: Wed, 16 Dec 1998 04:57:10 -0800
From: "Jan B. Koum "
To: "Jordan K. Hubbard" , Jay Tribick
Cc: Mark Newton , FREEBSD-SECURITY@FreeBSD.ORG
Subject: Re: append-only devices for logging
References: <30042.913284025@zippy.cdrom.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <30042.913284025@zippy.cdrom.com>; from Jordan K. Hubbard on Thu, Dec 10, 1998 at 02:00:25AM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Dec 10, 1998 at 02:00:25AM -0800, "Jordan K. Hubbard" wrote:
> > True but if they have root then they can quite easily alter /etc/rc.local
>
> Anyone setting their securelevel to 2 and *meaning* it will have also
> chflag'd many of the files in / (including this one) to be effectively
> read-only. There's no point in locking all your doors and leaving a
> window open, after all, and anyone clueful enough to run at such a
> high secure level should also be clueful enough to know where all the
> obvious doors and windows (like this one) are. :-)
>
> - Jordan
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

Sorry to bring up the week old thread folks, but as a note: if/when
you do really want to take advantage of the securelevels 2 or 3, your
system pretty much becomes manageable via console from a single user mode:

    % ls -lod .
    drwxr-xr-x  12 root  wheel  schg 512 Dec 12 01:38 .
    % ls -lod ..
    drwxr-xr-x  12 root  wheel  schg 512 Dec 12 01:38 ..
    % ls -loid /
    2 drwxr-xr-x  12 root  wheel  schg 512 Dec 12 01:38 /
    % ls -loid /etc/rc*
    15444 -r--r--r--  1 root  wheel  schg 8246 Dec 11 15:58 /etc/rc
    15565 -r--r--r--  1 root  wheel  schg 8261 Dec 15 19:19 /etc/rc.conf
    15890 -r--r--r--  1 root  wheel  schg 8238 Dec 10 02:58 /etc/rc.conf.previous
    15502 -r--r--r--  1 root  wheel  schg 6946 Dec 12 00:15 /etc/rc.firewall
    15892 -r--r--r--  1 root  wheel  schg 2848 Dec 10 02:58 /etc/rc.i386
    15893 -r--r--r--  1 root  wheel  schg  641 Dec 10 02:58 /etc/rc.local
    15894 -r--r--r--  1 root  wheel  schg 7923 Dec 10 02:58 /etc/rc.network
    15895 -r--r--r--  1 root  wheel  schg  373 Dec 10 02:58 /etc/rc.pccard
    15896 -r--r--r--  1 root  wheel  schg 3368 Dec 10 02:58 /etc/rc.serial

[snip]

[daily/weekly/security/monthly/syslog.conf/ssh*] goes here

-- Yan
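An added example, not part of the original message: a small audit helper that reads `ls -lo` or `ls -loi` output like the listing above and prints every entry whose flags column lacks a required flag such as `schg`. The names `missing_flag` and `sample_listing` are hypothetical, the sample lines are constructed, and the parser assumes regular files and directories (no device nodes).

```shell
#!/bin/sh
# missing_flag FLAG: read FreeBSD "ls -lo" / "ls -loi" output on stdin and
# print the path of each entry whose flags column does not include FLAG.
missing_flag() {
    awk -v want="$1" '
    {
        # With -i the inode number is the first field, then the mode string.
        m = ($1 ~ /^[0-9]+$/) ? 2 : 1
        # Skip prompts, blank lines and anything else that is not an entry.
        if (NF < m + 9 || $m !~ /^[-dl][-r][-w]/) next

        # Columns: mode links owner group FLAGS size month day time name
        n = split($(m + 4), f, ",")      # flags are comma separated, "-" if none
        found = 0
        for (i = 1; i <= n; i++) if (f[i] == want) found = 1

        if (!found) {
            name = $(m + 9)              # rejoin names that contain spaces
            for (i = m + 10; i <= NF; i++) name = name " " $i
            print name
        }
    }'
}

# Constructed sample input in the same layout as the listing in the message:
# one protected rc file, one with no flags, an append-only log, and a
# directory carrying two flags.
sample_listing() {
    cat <<'EOF'
% ls -loid /etc/rc /etc/rc.local
15444 -r--r--r--  1 root  wheel  schg 8246 Dec 11 15:58 /etc/rc
15893 -rw-r--r--  1 root  wheel  - 641 Dec 10 02:58 /etc/rc.local
-rw-r-----  1 root  wheel  sappnd 1024 Dec 15 19:19 /var/log/messages
drwxr-xr-x  12 root  wheel  schg,uchg 512 Dec 12 01:38 /
EOF
}

# Entries from the sample that are not system-immutable.
sample_listing | missing_flag schg
```

On a FreeBSD host the same function can be fed real output, for example `ls -lod / /etc/rc* | missing_flag schg`.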