how to disable loadable kernel moduels?
Eduardo
sathler90 at gmail.com
Thu Feb 25 00:03:12 UTC 2010
If you do not want to change the secure level you can compile a static kernel:
# static kernel
makeoptions NO_MODULES=yes
put the above inside the kernel config file.
On Wed, Feb 24, 2010 at 8:19 PM, Bruce Cran <bruce at cran.org.uk> wrote:
> On Wed, 24 Feb 2010 16:47:25 -0600 (CST)
> Robert Bonomi <bonomi at mail.r-bonomi.com> wrote:
>
>> I'm building custom kernels for use in 'hostile' environments --
>> where I need to enforce "restricted" capabilities, even in the event
>> of malicious 'root' access. (if the bad guy has *physical* access to
>> the machine, I know I'm toast, so I don't try to protect against
>> _that_ in software -- beyond the usual access-control mechnisms, that
>> is.)
>
> See security(7) -
> http://www.freebsd.org/cgi/man.cgi?query=security&sektion=7
>
> Securelevel 1 disables the loading of kernel modules; the manual page
> has far more details of how to secure the system further.
>
> --
> Bruce Cran
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
More information about the freebsd-questions
mailing list