kern secure level help
Chuck Swiger
cswiger at mac.com
Thu Jan 27 15:16:54 PST 2005
Sean Murphy wrote:
> I guess by default FreeBSD runs at -1

That's right.

> What would most of you recommend doing? Is this primarily to keep local
> users (ssh) in check? Does it help in remote attacks (buffer overflow)?
> Is it even needed?

Read "man securelevel" and see for yourself what it does. High securelevels
are intended for dedicated appliances like network firewalls which do not
have interactive users, generally are not offering services to the world, are
expected to be configured once, and then left alone for long periods of time.

Setting a securelevel does not help in remote-access compromises like buffer
overflows in system daemons, which is why they are not particularly useful for
machines supporting interactive logins and offering network services. For
those, running portaudit and keeping the base-system and ports up to date is
more helpful...

--
-Chuck