I normally run in securelevel 1 and according to the securelevel manual page not even root can change system immutable file flags. What I would like to do is set the schg and sappnd flags on as many system binaries as possible to improve security somewhat should my firewall get hacked.
Question is, will I still be able to rebuild world in securelevel 1 without running into all sorts of errors due to schg being set? Is there an easier and more efficient way of improving the security of a firewall or is this about my best bet. I've read the sections on MAC in the FreeBSD handbook but I'm afraid I'd end up locking myself out if I were to go this route as I don't understand enough about MAC as of yet. Thanks Gardner _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"