Date: Wed, 24 Feb 2010 20:40:53 -0300 From: Eduardo <sathler90@gmail.com> To: bonomi@mail.r-bonomi.com Cc: questions@freebsd.org Subject: Re: how to disable loadable kernel moduels? Message-ID: <a51b9b5f1002241540ked49f5fj3bc09981d5f295ea@mail.gmail.com> In-Reply-To: <20100224231923.0000022c@unknown> References: <201002242247.o1OMlPov010540@mail.r-bonomi.com> <20100224231923.0000022c@unknown>
next in thread | previous in thread | raw e-mail | index | archive | help
If you do not want to change the secure level you can compile a static kern= el: # static kernel makeoptions NO_MODULES=3Dyes put the above inside the kernel config file. On Wed, Feb 24, 2010 at 8:19 PM, Bruce Cran <bruce@cran.org.uk> wrote: > On Wed, 24 Feb 2010 16:47:25 -0600 (CST) > Robert Bonomi <bonomi@mail.r-bonomi.com> wrote: > >> I'm building custom kernels for use in 'hostile' environments -- >> where I need to enforce "restricted" capabilities, even in the event >> of malicious 'root' access. =A0(if the bad guy has *physical* access to >> the machine, I know I'm toast, so I don't try to protect against >> _that_ in software -- beyond the usual access-control mechnisms, that >> is.) > > See security(7) - > http://www.freebsd.org/cgi/man.cgi?query=3Dsecurity&sektion=3D7 > > Securelevel 1 disables the loading of kernel modules; the manual page > has far more details of how to secure the system further. > > -- > Bruce Cran > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o= rg" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a51b9b5f1002241540ked49f5fj3bc09981d5f295ea>