From: Chris Rees
Reply-To: utisoft@gmail.com
Date: Sun, 21 Jun 2009 21:10:25 +0100
To: Tim Judd
Cc: freebsd-questions
Subject: Re: kern.securelevel

2009/6/19 Tim Judd:
> Something dawned on me.  FreeBSD/Open/Net are all well secured
> systems.  On an Internet-facing router, would applying a higher
> kern.securelevel provide any better, tighter, higher security if the
> machine was broken into?  Given you need to lower the securelevel
> before multiuser, it is reasonable to think raising the securelevel
> will give higher comfort feeling?
>
> I know this is a logical/thinking/mind question, but that's what I'm asking for.

By all means raise your securelevel if you're happy with firewall
rules, and don't ever need to change flags on files, but really,
unless you expect root to be broken, it's kinda annoying.

Just disallow root access to EVERYTHING, ssh, telnet (if you're mad
enough to run it facing the net), ftp, etc.

Chris

-- 
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in a mailing list?
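
Added example, not part of the original message: a read-only audit of the settings the thread discusses, namely root login over ssh and ftp and the securelevel that rc.conf raises at boot. The function names are this example's own; the files they are meant for on FreeBSD are /etc/ssh/sshd_config, /etc/ftpusers and /etc/rc.conf, and the sample files are constructed.

```sh
#!/bin/sh
# Added example: read-only audit helpers. Each takes a file path so it can be
# pointed at the live file or at a copy.

# PermitRootLogin as set in the global part of sshd_config. sshd uses the
# first value it reads for a keyword, so later duplicates are ignored.
# Prints "unset" when absent (sshd's built-in default then applies).
sshd_root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Succeeds when root is listed in ftpusers, the list of accounts ftpd refuses.
ftp_denies_root() {
    grep -Eq '^[[:space:]]*root[[:space:]]*$' "$1"
}

# Securelevel rc.conf will raise to at boot. rc.conf is sourced as shell, so
# the last assignment wins. Prints "not-raised" unless
# kern_securelevel_enable is on, "default" if no level is given.
rc_securelevel() {
    enable=$(sed -n 's/^kern_securelevel_enable="\{0,1\}\([A-Za-z0-9]*\).*/\1/p' "$1" | tail -n 1)
    level=$(sed -n 's/^kern_securelevel="\{0,1\}\(-\{0,1\}[0-9][0-9]*\).*/\1/p' "$1" | tail -n 1)
    case "$enable" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) echo "${level:-default}" ;;
        *) echo "not-raised" ;;
    esac
}

# Constructed sample files (not from the thread) to try the helpers on.
write_samples() {
    printf '%s\n' '#PermitRootLogin yes' 'Port 22' 'PermitRootLogin no' \
        'PermitRootLogin yes' > "$1/sshd_config"
    printf '%s\n' '# accounts refused by ftpd' 'root' 'toor' > "$1/ftpusers"
    printf '%s\n' 'kern_securelevel_enable="YES"' 'kern_securelevel="1"' \
        'kern_securelevel="2"' > "$1/rc.conf"
}
```

On a running system, `sysctl kern.securelevel` reports the level currently in force, which can differ from what rc.conf will set at the next boot.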