From owner-freebsd-questions@FreeBSD.ORG Thu Feb 25 00:03:11 2010 Return-Path: Delivered-To: questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E7CA5106566B for ; Thu, 25 Feb 2010 00:03:11 +0000 (UTC) (envelope-from sathler90@gmail.com) Received: from mail-fx0-f223.google.com (mail-fx0-f223.google.com [209.85.220.223]) by mx1.freebsd.org (Postfix) with ESMTP id 7ED898FC15 for ; Thu, 25 Feb 2010 00:03:11 +0000 (UTC) Received: by fxm23 with SMTP id 23so268956fxm.3 for ; Wed, 24 Feb 2010 16:03:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=C/x5nJBIwOjmLDIrwhyw/s8aMHuyuOWDIg3myUO99DE=; b=YrIYx3jCEe9p0eoppHJpvYizjMMPDK9plJC49emOIqEiYgVBRaTnGFBTxit2ehon/8 4dU1itJiUusaB82CL3iDOdjSbaoU9Y7oH8xNs4nB0VGFxjBh0JjpYLzoSvtZJYsiGQxc tXwuuvTbgce6m7iDIjKte/CnnEg2Rxy1ffwfU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=WPtEekTpLgFmu/SLRClHE9qv1p2nqQ6xjiRMn1EU0UKGrGKpCEaMiu/HWVz046xtiM U9xYtZ8sLtqQA2nmSKpQTqHPt9GUde/CsTUVRU6RfcctPSIwKgjtEhVdCQsnZRVvlSGl 9kbxcqS2CZ+b6wJzNWhoxdQBKwtxa0vva+Tbs= MIME-Version: 1.0 Received: by 10.239.189.80 with SMTP id s16mr42841hbh.43.1267054853598; Wed, 24 Feb 2010 15:40:53 -0800 (PST) In-Reply-To: <20100224231923.0000022c@unknown> References: <201002242247.o1OMlPov010540@mail.r-bonomi.com> <20100224231923.0000022c@unknown> Date: Wed, 24 Feb 2010 20:40:53 -0300 Message-ID: From: Eduardo To: bonomi@mail.r-bonomi.com Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: questions@freebsd.org Subject: Re: how to disable loadable kernel moduels? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Feb 2010 00:03:12 -0000 If you do not want to change the secure level you can compile a static kern= el: # static kernel makeoptions NO_MODULES=3Dyes put the above inside the kernel config file. On Wed, Feb 24, 2010 at 8:19 PM, Bruce Cran wrote: > On Wed, 24 Feb 2010 16:47:25 -0600 (CST) > Robert Bonomi wrote: > >> I'm building custom kernels for use in 'hostile' environments -- >> where I need to enforce "restricted" capabilities, even in the event >> of malicious 'root' access. =A0(if the bad guy has *physical* access to >> the machine, I know I'm toast, so I don't try to protect against >> _that_ in software -- beyond the usual access-control mechnisms, that >> is.) > > See security(7) - > http://www.freebsd.org/cgi/man.cgi?query=3Dsecurity&sektion=3D7 > > Securelevel 1 disables the loading of kernel modules; the manual page > has far more details of how to secure the system further. > > -- > Bruce Cran > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o= rg" >