how to disable loadable kernel moduels?
Bruce Cran
bruce at cran.org.uk
Wed Feb 24 23:19:36 UTC 2010
On Wed, 24 Feb 2010 16:47:25 -0600 (CST)
Robert Bonomi <bonomi at mail.r-bonomi.com> wrote:
> I'm building custom kernels for use in 'hostile' environments --
> where I need to enforce "restricted" capabilities, even in the event
> of malicious 'root' access. (if the bad guy has *physical* access to
> the machine, I know I'm toast, so I don't try to protect against
> _that_ in software -- beyond the usual access-control mechnisms, that
> is.)
See security(7) -
http://www.freebsd.org/cgi/man.cgi?query=security&sektion=7
Securelevel 1 disables the loading of kernel modules; the manual page
has far more details of how to secure the system further.
--
Bruce Cran
More information about the freebsd-questions
mailing list