kern.securelevel

[Lowell Gilbert]

Tim Judd <tajudd at gmail.com> writes:

> Something dawned on me.  FreeBSD/Open/Net are all well secured
> systems.  On an Internet-facing router, would applying a higher
> kern.securelevel provide any better, tighter, higher security if the
> machine was broken into?  Given you need to lower the securelevel
> before multiuser, it is a reasonable to think raising the securelevel
> will give higher comfort feeling?

I can't understand your last sentence.

The obvious thing is that a raised securelevel only helps if it doesn't
get in the way of operations you need to do.  A bit less obvious is that
it only helps if you are sure you will know if the system reboots.

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
		http://be-well.ilk.org/~lowell/