Re: Securing FreeBSD.
- Reply: Albert Shih : "Re: Securing FreeBSD."
- In reply to: Albert Shih : "Securing FreeBSD."
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 04 Apr 2025 18:45:16 UTC
On 4/4/25 10:13, Albert Shih wrote: > Hi everyone. > > Is they are any way to secure a FreeBSD to prevent destroying data ? > > I find out even with > > kern.securelevel=2 > > root can still do something like > > umount /data > gpart delete -i 1 dev_under_data > > then create something different with for example > > gpart add -t something -a somethingdifferentfrominit dev_under_data > > I also try zfs, but zpool can still be use to destroy every pool. > > Currently the only solution I find is to create a huge / and store data > under / (no a partition), because I'm guessing it would be hard to umount / > > Any other solution ? > > For example, I see with securelevel=2 the «bad guy» would be unable to > create a new filesystem, so is they are any way to backup the «partition > table» ? And put them back after he create another ? > > Regards It sounds like you want read-only storage media (?). Burning your data to a CD-R/DVD-R/BD-R disc comes to mind. Another option is a USB flash drive with a physical write-protect switch: https://www.kanguru.com/products/defender-elite30-usb-3-0-hardware-encrypted-flash-drive https://www.kanguru.com/products/kanguru-defender-elite300-fips-140-2-certified-secure-superspeed-usb-3-0-hardware-encrypted-flash-drive?variant=41077736833139 Searching Amazon, I found external disk drive enclosures with various features; including write-protect: https://www.iodd.shop/all-products David