Re: securelevel 1
- Reply: Peter Pentchev : "Re: securelevel 1"
- In reply to: Dag-Erling_Smørgrav : "Re: securelevel 1"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 27 Oct 2023 02:34:28 UTC
On Thu, Oct 26, 2023 at 11:36:22PM +0200, Dag-Erling Smørgrav wrote: >void <void@f-m.fm> writes: >> In order to accomplish what I'd like, I understand that I'd need to set +schg >> on the individual logs, then set the securelevel afterwards and reboot. > >If you set the log file +schg, it can't be written to at all. That's >obviously not what you want. Yes, I'm sorry; I meant to type +sappnd >If you set it +sappnd, it can be written to, and newsyslog will be able >to rotate it; an attacker with superuser privileges will also be able to >replace it with a doctored file. Yes. But if sappend is set on the required files, and then securelevel=1 is set, then nothing can change the flag while the system is multiuser. That is, if I'm understanding correctly? So, on such a system, if I understand correctly, newsyslog would need to be turned off. Am I correct in understanding that securelevel could be lowered to -1 while in single user mode (for eg the purposes of upgrading); one would have to comment out the securelevel variables in rc.conf before booting multiuser? newsyslog could be run on that occasion, then securelevel set to 1 again. >There is no way to allow one without the other. The usual solution is >to log to a remote machine. That's planned. --