kern.securelevel

[Chris Rees]

2009/6/19 Tim Judd <tajudd at gmail.com>:
> Something dawned on me.  FreeBSD/Open/Net are all well secured
> systems.  On an Internet-facing router, would applying a higher
> kern.securelevel provide any better, tighter, higher security if the
> machine was broken into?  Given you need to lower the securelevel
> before multiuser, it is a reasonable to think raising the securelevel
> will give higher comfort feeling?
>
>
> I know this is a logical/thinking/mind question, but that's what I'm asking for.
>

By all means raise your securelevel if you're happy with firewall
rules, and don't ever need to change flags on files, but really,
unless you expect root to be broken, it's kinda annoying.

Just disallow root access to EVERYTHING, ssh, telnet (if you're mad
enough to run it facing the net), ftp, etc.

Chris
-- 
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in a mailing list?