Re: Securing FreeBSD.
- Reply: Albert Shih : "Re: Securing FreeBSD."
- In reply to: Albert Shih : "Re: Securing FreeBSD."
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 05 Apr 2025 01:40:53 UTC
Good advise Albert. If you really want to prevent root access then, the next step is kldload mac_bsdextended and use ugidfw. Refer to handbook example: https://docs.freebsd.org/en/books/handbook/book/#mac-bsdextended I use this for some files. >> Isn't the very definition of root (superuser) is that they can do *ANYTHING*? > > Well....not always...try this : > > echo 'kern.securelevel=2' >> /etc/sysctl.conf > chflags schg /etc/sysctl.conf > sysctl kern.securelevel=2 > touch /root/file > chflags schg /root/file > > and tell me how you will remove the file > > /root/file > > without be in the front of the server (no IPMI, no drac etc.) > > Regards