|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Question about securelevel
roberto
redix.it
Date: Wed Feb 11 2004 - 09:13:05 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
>
> Change the "console" line in /etc/ttys from "secure" to "insecure", that
> will make your administrator enter the root password when booting to
> single user.
>
> When using securelevel, you might also want to use a script to set the
> immutable flag on various parts of the file system.
>
> There's also much more to securing a box than just using securelevel.
>
1- OK I've already set console to insecure, I do not like the single user
mode offer a shell without password.
2- But instead of set the immutable flags over several files, seems to me
more simple (and not error prone) to set the root file system read-only
(simple to do) and to find a way it could not be remounted rw while
securelevel == 3!
3- OK agree with you: there's also much more to securing a box than just
using securelevel, but using a securelevel+readonly file system, is a step
foreward in security?
Regards
Roberto
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]