Date: Wed, 24 Feb 2010 23:19:23 +0000 From: Bruce Cran <bruce@cran.org.uk> To: Robert Bonomi <bonomi@mail.r-bonomi.com> Cc: questions@freebsd.org Subject: Re: how to disable loadable kernel moduels? Message-ID: <20100224231923.0000022c@unknown> In-Reply-To: <201002242247.o1OMlPov010540@mail.r-bonomi.com> References: <201002242247.o1OMlPov010540@mail.r-bonomi.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 24 Feb 2010 16:47:25 -0600 (CST) Robert Bonomi <bonomi@mail.r-bonomi.com> wrote: > I'm building custom kernels for use in 'hostile' environments -- > where I need to enforce "restricted" capabilities, even in the event > of malicious 'root' access. (if the bad guy has *physical* access to > the machine, I know I'm toast, so I don't try to protect against > _that_ in software -- beyond the usual access-control mechnisms, that > is.) See security(7) - http://www.freebsd.org/cgi/man.cgi?query=security&sektion=7 Securelevel 1 disables the loading of kernel modules; the manual page has far more details of how to secure the system further. -- Bruce Cran
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100224231923.0000022c>