Fernan,
You can disable newsyslog by adding newsyslog_enable="NO" to your
/etc/rc.conf or /etc/rc.conf.local
Also be aware that you will need to reboot with
kern_securelevel_enable="NO" in one of those files, to lower the
securelevel.
You should also consider a remote syslog host.
Bryan
Fernan Aguero wrote:
Hi,
I'd like to harden my FreeBSD installation, and thus would like to, e.g.
i) chflags sappnd /var/log/*
ii) raise the securelevel of the system
Is this possible? I've read elsewhere that newsyslog would not work in
such a system ... what are the possible workarounds?
I wouldn't bother taking the system down once a week or every other
week, and manually lowering the securelevel, running newsyslog, etc.
Is there a guide somewhere on how to go about this?
Thanks!
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
