Displaying 20 results from an estimated 400 matches similar to: "X & securelevel=3"
1996 Nov 18
1
Chattr +i and securelevel
has anyone played with the securelevel variable in the kernel and the
immutable flags in the ext2 file system?
The only way I have found to change the flag is by
patching sched.c from
int securelevel=0
to int securelevel=1
The sysctrl code seems to allow the setting of the flag
only by init (PID=1) and only upwards (0->1, etc).
The problem is that I haven''t found a way to get
init
2004 Feb 11
5
Question about securelevel
I've read about securelevel in the mailing list archive, and found some
pitfalls (and seems to me to be discarded soon).
But According to me, the following configuration should offer a good
security:
- mount root fs read only at boot;
- set securelevel to 3;
- do not permit to unmount/remount roots fs read-write (now it is possible
by means of "mount -uw /");
- the only way to make
2004 Jun 07
1
freebsd-security Digest, Vol 61, Issue 3
On Sat, 29 May 2004 12:00:52 -0700 (PDT),
<freebsd-security-request@freebsd.org> wrote:
Hello !
Today i see in snort logs :
[**] [1:528:4] BAD-TRAFFIC loopback traffic [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
06/07-09:44:39.044590 127.0.0.1:80 -> 10.6.148.173:1566
TCP TTL:128 TOS:0x0 ID:577 IpLen:20 DgmLen:40
***A*R** Seq: 0x0 Ack: 0x75830001 Win: 0x0 TcpLen:
2003 Aug 11
1
FreeBSD Security Advisory FreeBSD-SA-03:09.signal
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-03:09.signal Security Advisory
The FreeBSD Project
Topic: Insufficient range checking of signal numbers
Category: core
Module: sys
Announced:
1998 Mar 12
2
FreeBSD Security Advisory: FreeBSD-SA-98:02.mmap
-----BEGIN PGP SIGNED MESSAGE-----
=============================================================================
FreeBSD-SA-98:02 Security Advisory
FreeBSD, Inc.
Topic: security compromise via mmap
Category: core
Module: kernel
Announced: 1998-03-12
Affects:
1996 Nov 21
2
Re: BOUNCE: Re: Chattr +i and securelevel
Alexander O. Yuriev wrote:
>
> Your message dated: Wed, 20 Nov 1996 18:04:39 EST
> > >has anyone played with the securelevel variable in the kernel and the
> > >immutable flags in the ext2 file system?
> >
> > Yes, and its actualy quite nice.
> >
> > >The sysctrl code seems to allow the setting of the flag
> > >only by init (PID=1)
2004 Sep 29
5
Kernel-loadable Root Kits
Thanks for the module, I think its a good idea to commit it to FreeBSD
for a few reasons:
1) Some folks just prefer more static kernels.
2) Securelevel is a great thing, but can be a pain to do upgrades around
remotely. [A lot of folks use FreeBSD simply because its a breeze to run
remotely].
3) Until someone writes code to add modules to a kernel via /dev/mem and
releases it to the script
2003 May 09
2
Problem installing kernel in single usermode
Hi,
I'm running 4.8-STABLE but I'm having some problems installing a new
kernel.
(in /usr/src make installkernel).
mv /kernel /kernel.old operation not permitted
My securelevel is currently set to -1 (kern_securelevel=-1) and
kern_securelevel_enable="NO"
I have already executed chflags noschg /kernel and /kernel.old (while in
single user mode).
What am I missing?
Thanks.
2003 May 24
1
ipfirewall(4)) cannot be changed
root@vigilante /root cuaa1# man init |tail -n 130 |head -n 5
3 Network secure mode - same as highly secure mode, plus IP packet
filter rules (see ipfw(8) and ipfirewall(4)) cannot be changed and
dummynet(4) configuration cannot be adjusted.
root@vigilante /root cuaa1# sysctl -a |grep secure
kern.securelevel: 3
root@vigilante /root cuaa1# ipfw show
00100 0 0 allow
2004 Dec 16
2
Strange command histories in hacked shell server
Hi,
Sorry for cross posting.
I have with FreeBSD 5.3-stable server which serves as a public shell server.
FreeBSD public.ub.mng.net 5.3-STABLE FreeBSD 5.3-STABLE #6: Wed Nov 24
15:55:36 ULAT 2004 tsgan@public.ub.mng.net:/usr/obj/usr/src/sys/PSH i386
It has ssh and proftp-1.2.10 daemons.
However it was hacked and I'm trying to analyze it and having some
difficulties.
Machine is
2003 Jun 08
4
Removable media security in FreeBSD
I'm working with a FreeBSD user -- a teacher -- who's running KDE on a system
on which she neither has nor wants root privileges. She wants to be able to
mount and unmount floppies and ZIP cartridges from within KDE, using the
standard KwikDisk utility (which, by the way, generates mount and unmount
command that don't conform to FreeBSD syntax; however, it appears possible
to fix this
2013 Jun 06
1
Reproducable Infiniband panic
Hello,
I see a reproducable panic when doing ibping and aborting it with ^C. My
setup is two machines with Mellanox Infinihost III HCAs (one Linux one
FreeBSD) connected back-to-back.
Details below. I can upload 2 crash dumps, if this is useful. For some
reason the port doesn't become ACTIVE, so no packets arrive, but that is
probably unrelated.
% uname -a
FreeBSD cosel.inf.tu-dresden.de
1998 May 23
7
Re: Re: Re: Bind Overrun Bug and Linux (fwd)
> > systems which no longer seem to have this. This file contained an archive of
> > the trojan''s that were inserted into the compromised system - does anybody know
> > what is in these trojans?
>
> Check the Linux RootKit ... (LRK)..
>
> Typically LRK to use config-files.. (and typically LRK-users to place
> files in /dev.. find /dev -type f | grep -v
2006 Mar 01
3
Remote Installworld
I'm currently administering a machine about 1500mi from me with nobody
local to the machine to assist me. Anyways, my only access to this
machine is via SSH, no remote serial console or anything.
When I try to do a "make installworld" I end up with
install: rename: /lib/INS@aTxk to /lib/libcrypt.so.3: Operation not
permitted
very shortly thereafter. I cannot boot
2003 Jun 16
1
dvd+rw+r for FreeBSD
I'm not subscribed to this list; but I read that
Matthew Dillon has ported the dvd+rw tools to FreeBSD.
I just compiled and installed the application; but I
can't burn to a DVD+RW on a Sony DRU-500A.
command: growisofs -Z /dev/acd0c -rl ./testfile
result: ":-( unable to CAMGETPASSTHRU for /dev/acd0c:
Inappropriate ioctl for device"
The DVD+RW website:
2010 Sep 06
2
MSIX failure
Hi all, I moved from 8.0-RELEASE to last week's -STABLE:
$ uname -v
FreeBSD 8.1-STABLE #0: Thu Sep 2 16:38:02 SAST 2010 root@XXXXX:/usr/obj/usr/src/sys/GENERIC
and all seems well except my network card is unusable. On boot up:
em0: <Intel(R) PRO/1000 Network Connection 7.0.5> port 0x3040-0x305f mem 0xe3200000-0xe321ffff,0xe3220000-0xe3220fff irq 10 at device 25.0 on pci0
em0: Setup
2003 Jul 28
5
DVD Drive wont mount
Hi, I am having trouble using my dvd drive in KDE, as it wont mount, using dvd, cd, cdrw. all I get is the error message saying:
Could not mount device.
The reported error was:
cd9660: /dev/acd0: Invalid argument
Has anyone got a solution for this?
Thanks,
Brian
2000 Dec 18
0
FreeBSD Security Advisory: FreeBSD-SA-00:77.procfs
-----BEGIN PGP SIGNED MESSAGE-----
=============================================================================
FreeBSD-SA-00:77 Security Advisory
FreeBSD, Inc.
Topic: Several vulnerabilities in procfs
Category: core
Module: procfs
Announced: 2000-12-18
2003 Jul 25
3
FreeBSD doesn't find my CD-RW and sometimes my DVD
Hi , I'm disperated
I've recently installed FreeBSD 4.8 ,and all at the first look was ok ,
this was only a try in a small partition , and now I have decided to
install it in a bigger partition , so I've downloaded the 5.1 ISO (to
give it a try too) and I've tried to BURN it with "burncd" . Now, I've
noticed that in the DEV directory there are the devices
2004 Feb 29
2
procfs + chmod = no go
Hello,
I was wondering if it was possible to limit user access on /proc
without having to use securelevels.
For some reason chmod 751 /proc (or 750) does nothing.
Is this possible on FreeBSD 4.9 ? Can't find anything about it in the
manual pages. Just want to prevent lusers from running:
for file in /proc/*/cmdline; do cat $file; echo; done
Greetz,
Jimmy Scott