> So optimal security would be have every > needed component compiled in, and turn off the ability to load any modules. > I have no idea if this can be done or how in FreeBSD.
This is what securelevel(8) is about: [...] 1 Secure mode - the system immutable and system append-only flags may not be turned off; disks for mounted file systems, /dev/mem, and /dev/kmem may not be opened for writing; kernel modules (see kld(4)) may not be loaded or unloaded. [...] > http://packetstorm.decepticons.org/papers/unix/bsdkern.htm Ah, interesting one! Thanks :-) Simon
signature.asc
Description: Digital signature