Improving System Security

Gardner Bell gbell72 at
Thu Jan 27 13:23:47 PST 2005

I normally run in securelevel 1 and according to the securelevel manual page
not even root can change system immutable file flags.  What I would
like to do is set the schg and sappnd flags on as many system binaries
as possible to improve security somewhat should my firewall get

Question is, will I still be able to rebuild world in securelevel 1
without running into all sorts of errors due to schg being set?  Is
there an easier and more efficient way of improving the security of a
firewall or is this about my best bet.  I've read the sections on MAC
in the FreeBSD handbook but I'm afraid I'd end up locking myself out
if I were to go this route as I don't understand enough about MAC as
of yet.


More information about the freebsd-questions mailing list