System Security Profiles and Kernel Security (securelevel)

The FreeBSD kernel runs at one of five security levels, -1 through 3, controlled by the kern_securelevel option in /etc/rc.conf. Each level corresponds to a profile that controls such things as whether the kernel can be replaced on the disk, whether kernel modules can be loaded or unloaded, whether certain file permissions and flags can be set or altered, whether filesystems can be mounted on demand, and whether utilities such as IPFW (the built-in firewall, which we will discuss shortly) can be disabled or modified. As we saw in Chapter 17, “Kernel Configuration,” the securelevel can only be raised at runtime; it can never be lowered except by rebooting. ...
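
As an added illustration (not code from the book), the script below reads rc.conf-format text, reports the securelevel that would be applied at boot, and checks a proposed runtime change against the raise-only rule. The names kern_securelevel_enable and the sysctl kern.securelevel are FreeBSD's own but do not appear in this excerpt; the sample rc.conf and the running level are constructed.

```shell
#!/bin/sh
# Added example: report the securelevel an rc.conf asks for at boot.
# SAMPLE_RC is constructed input, not taken from a real host.
SAMPLE_RC='# constructed sample /etc/rc.conf
hostname="fw1.example.org"
kern_securelevel_enable="YES"
kern_securelevel="1"
kern_securelevel="2"   # rc.conf is sourced by sh, so the last assignment wins
'

# rc_value VAR: print the last value assigned to VAR in rc.conf text on stdin.
rc_value() {
    sed -n "s/^[[:space:]]*$1=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" | tail -n 1
}

# boot_securelevel: print the level the rc.conf text on stdin requests,
# "unset" when kern_securelevel_enable is not switched on, or "invalid"
# when the value is outside the documented range -1..3.
boot_securelevel() {
    conf=$(cat)
    enable=$(printf '%s\n' "$conf" | rc_value kern_securelevel_enable)
    level=$(printf '%s\n' "$conf" | rc_value kern_securelevel)
    case "$enable" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) ;;
        *) echo unset; return 0 ;;
    esac
    case "$level" in
        -1|0|1|2|3) echo "$level" ;;
        *) echo invalid; return 1 ;;
    esac
}

# change_allowed CUR NEW: succeed only if NEW does not lower the running level;
# a lower level takes effect only after a reboot.
change_allowed() {
    [ "$2" -ge "$1" ]
}

want=$(printf '%s' "$SAMPLE_RC" | boot_securelevel)
echo "rc.conf requests securelevel: $want"
# On a FreeBSD host: boot_securelevel < /etc/rc.conf
#                    running=$(sysctl -n kern.securelevel)
running=1   # assumed running level for this demonstration
change_allowed "$running" "$want" && echo "raise $running -> $want: allowed"
change_allowed "$want" "$running" || echo "lower $want -> $running: refused until reboot"
```
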
