I have read different views about implementing a secure level on FreeBSD
on the web
one said to implement it and gave certain things that it does at the
different levels -1, 0, 1, 2
one said that it would break certain applications as the need to write
to some /dev areas
one even said it is a
Sean Murphy wrote:
I guess by default FeeBSD runs at -1
That's right.
what would most of you recommend doing? is this primary to keep local
users (ssh) in check? does it help in remote attacks (buffer overflow)
is it even needed?
Read man securelevel and see for yourself what it does. High
Sean Murphy writes:
SM what would most of you recommend doing?
I've been running at securelevel=3 for years. There are some things
that won't work (such as X servers), but not enough to be a problem for
me.
I've set the system immutable flag on virtually all the binaries as
well (not the