Date: Tue, 24 Oct 2023 13:08:37 +0200 From: =?utf-8?Q?Pawe=C5=82_Biernacki?= <kaktus@FreeBSD.org> To: void <void@f-m.fm> Cc: freebsd-security@freebsd.org Subject: Re: securelevel 1 Message-ID: <6638DADD-FCDB-492C-B1E8-441C6622038B@FreeBSD.org> In-Reply-To: <ZTeaGFZjvcsKfbOW@int21h> References: <ZTeaGFZjvcsKfbOW@int21h>
index | next in thread | previous in thread | raw e-mail
Setting kern.securelevel to 1 makes the kernel to enforce the system-level immutable and append-only flags (see chflags(1/2)). Unless you do something extra, syslogd will create new files without these flags and newsyslog will rotate them as expected. Hope that helps, Paweł. > On 24 Oct 2023, at 12:19, void <void@f-m.fm> wrote: > > Hi, > > I'd like to set append-only on an arm64 system running stable/14-n265566 > (so securelevel=1) but how would newsyslog(8) handle it? How will it rotate > logs? > > -- >help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6638DADD-FCDB-492C-B1E8-441C6622038B>