From owner-freebsd-questions@FreeBSD.ORG Tue Oct 12 00:03:33 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 63B8C16A501 for ; Tue, 12 Oct 2004 00:03:33 +0000 (GMT) Received: from mproxy.gmail.com (rproxy.gmail.com [64.233.170.205]) by mx1.FreeBSD.org (Postfix) with ESMTP id 092ED43D39 for ; Tue, 12 Oct 2004 00:03:33 +0000 (GMT) (envelope-from z0cool@gmail.com) Received: by mproxy.gmail.com with SMTP id 77so629233rnl for ; Mon, 11 Oct 2004 17:03:32 -0700 (PDT) Received: by 10.38.74.32 with SMTP id w32mr1927514rna; Mon, 11 Oct 2004 17:03:32 -0700 (PDT) Received: by 10.38.75.31 with HTTP; Mon, 11 Oct 2004 17:03:32 -0700 (PDT) Message-ID: Date: Mon, 11 Oct 2004 20:03:32 -0400 From: Chris Collins To: freebsd-questions@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: sysctl kern.securelevel=2 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Chris Collins List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Oct 2004 00:03:33 -0000 Hello Alll I was wondering what is the best kern.securelevel to run on a machine that provides general internet services, Web, FTP and Email. I don't want this so tight I cannot use the machine and I have also read in some post that having the secure level set to high can stop a fsck. I am running 4.8 stable with ipfw and current kern.securelevel at 0. After reading the man page I am thinking that I can safely at level 2 but I am not sure because of this line in the man page "plus disks may not be opened for writing (except by mount(2)) whether mounted or not" What exactly does this mean? Any help would be appreciated. Thanks Chris