kern.securelevel

Tim Judd tajudd at gmail.com
Sun Jun 21 20:30:27 UTC 2009 

On 6/21/09, Lowell Gilbert <freebsd-questions-local at be-well.ilk.org> wrote:
> Tim Judd <tajudd at gmail.com> writes:
>
>> Something dawned on me.  FreeBSD/Open/Net are all well secured
>> systems.  On an Internet-facing router, would applying a higher
>> kern.securelevel provide any better, tighter, higher security if the
>> machine was broken into?  Given you need to lower the securelevel
>> before multiuser, it is a reasonable to think raising the securelevel
>> will give higher comfort feeling?
>
> I can't understand your last sentence.

Let me try to rephrase it.
When securelevel is raised, to lower it to accomplish a task such as
installworld or something, you have to comment/lower the level in the
rc.conf and reboot in order to reach the lower level.  Once the
lower-level is reached (after a reboot, including assuming maybe SUM
might be able to change it), you can do your installworld and then
re-raise the securelevel back up.  keeping the securelevel up means
that nothing (poor choice of word.. "nothing" in terms of the perfect
world and no SA's are announced or anything) can be compromised and
altered without first loosing the connection to the box.

I dunno, this is a new idea I had on internet-facing routers (not
necessarily for secured servers or anything).  Just trying to get the
public's feel of who might be using it, why they're using it, and if
they feel safer using it.


I would love to hear if any popular corporations (big names, like
yahoo, hp, etc) are using this kind of secured approach.

>
> The obvious thing is that a raised securelevel only helps if it doesn't
> get in the way of operations you need to do.  A bit less obvious is that
> it only helps if you are sure you will know if the system reboots.

I would gladly put myself through the headache of the
lower/reboot/change config/raise if I can see if it makes sense to the
other big names that it's helping them stay secure.




The other idea I had was to mark for example ttyv0-7 secure
(preferably marking only ttyd0 on serial console secure), leaving the
rest insecure, raising securelevel and working that angle.

This is a post very seriously asking opinions on the securelevel
mechanism, and I am asking for people's opinion.  I know everyone is
different, but I am trying to get a feel for the public use of it.

--Tim

More information about the freebsd-questions mailing list