Date: Tue, 24 Oct 2023 13:08:37 +0200 From: =?utf-8?Q?Pawe=C5=82_Biernacki?= <kaktus@FreeBSD.org> To: void <void@f-m.fm> Cc: freebsd-security@freebsd.org Subject: Re: securelevel 1 Message-ID: <6638DADD-FCDB-492C-B1E8-441C6622038B@FreeBSD.org> In-Reply-To: <ZTeaGFZjvcsKfbOW@int21h> References: <ZTeaGFZjvcsKfbOW@int21h>
next in thread | previous in thread | raw e-mail | index | archive | help
Setting kern.securelevel to 1 makes the kernel to enforce the = system-level immutable and append-only flags (see chflags(1/2)). Unless you do something extra, syslogd will create new files without = these flags and newsyslog will rotate them as expected. =20 Hope that helps, Pawe=C5=82. > On 24 Oct 2023, at 12:19, void <void@f-m.fm> wrote: >=20 > Hi, >=20 > I'd like to set append-only on an arm64 system running = stable/14-n265566 > (so securelevel=3D1) but how would newsyslog(8) handle it? How will it = rotate > logs? >=20 > --=20 >=20
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6638DADD-FCDB-492C-B1E8-441C6622038B>