Hi,
I'd like to harden my FreeBSD installation, and thus would like to, e.g.
i) chflags sappnd /var/log/*
ii) raise the securelevel of the system
Is this possible? I've read elsewhere that newsyslog would not work in
such a system ... what are the possible workarounds?
I wouldn't bother taking
Fernan,
You can disable newsyslog by adding newsyslog_enable=NO to your
/etc/rc.conf or /etc/rc.conf.local
Also be aware that you will need to reboot with
kern_securelevel_enable=NO in one of those files, to lower the
securelevel.
You should also consider a remote syslog host.
Bryan
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 2010/07/12 11:04, Fernan Aguero wrote:
Hi,
I'd like to harden my FreeBSD installation, and thus would like to, e.g.
i) chflags sappnd /var/log/*
ii) raise the securelevel of the system
Is this possible? I've read elsewhere that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-10:07.mbuf Security Advisory
The FreeBSD Project
Topic: