> So optimal security would be have every > needed component compiled in, and turn off the ability to load any modules. > I have no idea if this can be done or how in FreeBSD.
This is what securelevel(8) is about:
[...]
1 Secure mode - the system immutable and system append-only flags may
not be turned off; disks for mounted file systems, /dev/mem, and
/dev/kmem may not be opened for writing; kernel modules (see
kld(4)) may not be loaded or unloaded.
[...]
> http://packetstorm.decepticons.org/papers/unix/bsdkern.htm
Ah, interesting one! Thanks :-)
Simon
signature.asc
Description: Digital signature
