Securing FreeBSD.

From: Albert Shih <Albert.Shih_at_obspm.fr>
Date: Fri, 04 Apr 2025 17:13:36 UTC
Hi everyone. 

Is there any way to secure FreeBSD to prevent destroying data?

I found out that even with

  kern.securelevel=2 

root can still do something like 

  umount /data
  gpart delete -i 1 dev_under_data

then create something different with, for example,

  gpart add -t something -a somethingdifferentfrominit dev_under_data

I also tried ZFS, but zpool can still be used to destroy every pool.

Currently the only solution I have found is to create a huge / and store data
under / (not a partition), because I'm guessing it would be hard to umount /.

Any other solution?

For example, I see that with securelevel=2 the «bad guy» would be unable to
create a new filesystem, so is there any way to back up the «partition
table», and put it back after he creates another?

Regards

-- 
Albert SHIH 🦫 🐸
Local time:
Fri. 04 April 2025 19:06:58 CEST