similar to: X & securelevel=3

has anyone played with the securelevel variable in the kernel and the immutable flags in the ext2 file system? The only way I have found to change the flag is by patching sched.c from int securelevel=0 to int securelevel=1 The sysctrl code seems to allow the setting of the flag only by init (PID=1) and only upwards (0->1, etc). The problem is that I haven''t found a way to get init

I've read about securelevel in the mailing list archive, and found some pitfalls (and seems to me to be discarded soon). But According to me, the following configuration should offer a good security: - mount root fs read only at boot; - set securelevel to 3; - do not permit to unmount/remount roots fs read-write (now it is possible by means of "mount -uw /"); - the only way to make

On Sat, 29 May 2004 12:00:52 -0700 (PDT), <freebsd-security-request@freebsd.org> wrote: Hello ! Today i see in snort logs : [**] [1:528:4] BAD-TRAFFIC loopback traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] 06/07-09:44:39.044590 127.0.0.1:80 -> 10.6.148.173:1566 TCP TTL:128 TOS:0x0 ID:577 IpLen:20 DgmLen:40 ***A*R** Seq: 0x0 Ack: 0x75830001 Win: 0x0 TcpLen:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:09.signal Security Advisory The FreeBSD Project Topic: Insufficient range checking of signal numbers Category: core Module: sys Announced:

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-98:02 Security Advisory FreeBSD, Inc. Topic: security compromise via mmap Category: core Module: kernel Announced: 1998-03-12 Affects:

Alexander O. Yuriev wrote: > > Your message dated: Wed, 20 Nov 1996 18:04:39 EST > > >has anyone played with the securelevel variable in the kernel and the > > >immutable flags in the ext2 file system? > > > > Yes, and its actualy quite nice. > > > > >The sysctrl code seems to allow the setting of the flag > > >only by init (PID=1)

Thanks for the module, I think its a good idea to commit it to FreeBSD for a few reasons: 1) Some folks just prefer more static kernels. 2) Securelevel is a great thing, but can be a pain to do upgrades around remotely. [A lot of folks use FreeBSD simply because its a breeze to run remotely]. 3) Until someone writes code to add modules to a kernel via /dev/mem and releases it to the script

Hi, I'm running 4.8-STABLE but I'm having some problems installing a new kernel. (in /usr/src make installkernel). mv /kernel /kernel.old operation not permitted My securelevel is currently set to -1 (kern_securelevel=-1) and kern_securelevel_enable="NO" I have already executed chflags noschg /kernel and /kernel.old (while in single user mode). What am I missing? Thanks.

root@vigilante /root cuaa1# man init |tail -n 130 |head -n 5 3 Network secure mode - same as highly secure mode, plus IP packet filter rules (see ipfw(8) and ipfirewall(4)) cannot be changed and dummynet(4) configuration cannot be adjusted. root@vigilante /root cuaa1# sysctl -a |grep secure kern.securelevel: 3 root@vigilante /root cuaa1# ipfw show 00100 0 0 allow

Hi, Sorry for cross posting. I have with FreeBSD 5.3-stable server which serves as a public shell server. FreeBSD public.ub.mng.net 5.3-STABLE FreeBSD 5.3-STABLE #6: Wed Nov 24 15:55:36 ULAT 2004 tsgan@public.ub.mng.net:/usr/obj/usr/src/sys/PSH i386 It has ssh and proftp-1.2.10 daemons. However it was hacked and I'm trying to analyze it and having some difficulties. Machine is

I'm working with a FreeBSD user -- a teacher -- who's running KDE on a system on which she neither has nor wants root privileges. She wants to be able to mount and unmount floppies and ZIP cartridges from within KDE, using the standard KwikDisk utility (which, by the way, generates mount and unmount command that don't conform to FreeBSD syntax; however, it appears possible to fix this

Hello, I see a reproducable panic when doing ibping and aborting it with ^C. My setup is two machines with Mellanox Infinihost III HCAs (one Linux one FreeBSD) connected back-to-back. Details below. I can upload 2 crash dumps, if this is useful. For some reason the port doesn't become ACTIVE, so no packets arrive, but that is probably unrelated. % uname -a FreeBSD cosel.inf.tu-dresden.de

> > systems which no longer seem to have this. This file contained an archive of > > the trojan''s that were inserted into the compromised system - does anybody know > > what is in these trojans? > > Check the Linux RootKit ... (LRK).. > > Typically LRK to use config-files.. (and typically LRK-users to place > files in /dev.. find /dev -type f | grep -v

I'm currently administering a machine about 1500mi from me with nobody local to the machine to assist me. Anyways, my only access to this machine is via SSH, no remote serial console or anything. When I try to do a "make installworld" I end up with install: rename: /lib/INS@aTxk to /lib/libcrypt.so.3: Operation not permitted very shortly thereafter. I cannot boot

I'm not subscribed to this list; but I read that Matthew Dillon has ported the dvd+rw tools to FreeBSD. I just compiled and installed the application; but I can't burn to a DVD+RW on a Sony DRU-500A. command: growisofs -Z /dev/acd0c -rl ./testfile result: ":-( unable to CAMGETPASSTHRU for /dev/acd0c: Inappropriate ioctl for device" The DVD+RW website:

Hi all, I moved from 8.0-RELEASE to last week's -STABLE: $ uname -v FreeBSD 8.1-STABLE #0: Thu Sep 2 16:38:02 SAST 2010 root@XXXXX:/usr/obj/usr/src/sys/GENERIC and all seems well except my network card is unusable. On boot up: em0: <Intel(R) PRO/1000 Network Connection 7.0.5> port 0x3040-0x305f mem 0xe3200000-0xe321ffff,0xe3220000-0xe3220fff irq 10 at device 25.0 on pci0 em0: Setup

Hi, I am having trouble using my dvd drive in KDE, as it wont mount, using dvd, cd, cdrw. all I get is the error message saying: Could not mount device. The reported error was: cd9660: /dev/acd0: Invalid argument Has anyone got a solution for this? Thanks, Brian

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:77 Security Advisory FreeBSD, Inc. Topic: Several vulnerabilities in procfs Category: core Module: procfs Announced: 2000-12-18

Hi , I'm disperated I've recently installed FreeBSD 4.8 ,and all at the first look was ok , this was only a try in a small partition , and now I have decided to install it in a bigger partition , so I've downloaded the 5.1 ISO (to give it a try too) and I've tried to BURN it with "burncd" . Now, I've noticed that in the DEV directory there are the devices

Hello, I was wondering if it was possible to limit user access on /proc without having to use securelevels. For some reason chmod 751 /proc (or 750) does nothing. Is this possible on FreeBSD 4.9 ? Can't find anything about it in the manual pages. Just want to prevent lusers from running: for file in /proc/*/cmdline; do cat $file; echo; done Greetz, Jimmy Scott