Date: Mon, 26 Nov 2001 09:04:47 -0600 From: Mike Meyer <mwm@mired.org> To: "Anthony Atkielski" <anthony@freebie.atkielski.com> Cc: questions@freebsd.org Subject: Re: What is the best secure_level setting? Message-ID: <15362.23055.336143.894625@guru.mired.org> In-Reply-To: <7413761@toto.iv>
next in thread | previous in thread | raw e-mail | index | archive | help
Anthony Atkielski <anthony@freebie.atkielski.com> types: > I am looking at secure_level in FreeBSD and wondering what setting is > appropriate. The default seems to be the lowest possible setting of -1, but I > don't see any obvious reason why I can't run at +1. What levels do you all run > your systems at normally? > > I've already been warned that X servers won't run on a machine at > secure_level=1, but for me that's just another reason not to use X servers on > the host machine, not a reason to keep the secure_level lower. Once you turn it up to 1, you can't install a new kernel or load kernel modules. Other things - hardware health monitors, for instance - also fail. For those reasons, I run things that aren't accessible from the internet at large at -1. If an attacker has a shell account on such a machine, the network is already fubar'ed, and I like being able to install new kernels and run hardware health monitors on them. Things that can be reached from the internet are set to 3. System things on them don't change very often, so this isn't much of an inconvenience. <mike -- Mike Meyer <mwm@mired.org> http://www.mired.org/home/mwm/ Q: How do you make the gods laugh? A: Tell them your plans. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15362.23055.336143.894625>