1*14599250SDevin TeskeThis menu allows you to configure the Securelevel mechanism in FreeBSD. 2*14599250SDevin Teske 3*14599250SDevin TeskeSecurelevels may be used to limit the privileges assigned to the 4*14599250SDevin Teskeroot user in multi-user mode, which in turn may limit the effects of 5*14599250SDevin Teskea root compromise, at the cost of reducing administrative functions. 6*14599250SDevin TeskeRefer to the security(7) and init(8) manual pages for complete details. 7*14599250SDevin Teske 8*14599250SDevin Teske -1 Permanently insecure mode - always run the system in level 0 9*14599250SDevin Teske mode. This is the default initial value. 10*14599250SDevin Teske 11*14599250SDevin Teske 0 Insecure mode - immutable and append-only flags may be turned 12*14599250SDevin Teske off. All devices may be read or written subject to their 13*14599250SDevin Teske permissions. 14*14599250SDevin Teske 15*14599250SDevin Teske 1 Secure mode - the system immutable and system append-only 16*14599250SDevin Teske flags may not be turned off; disks for mounted file systems, 17*14599250SDevin Teske /dev/mem, /dev/kmem and /dev/io (if your platform has it) 18*14599250SDevin Teske may not be opened for writing; kernel modules (see kld(4)) 19*14599250SDevin Teske may not be loaded or unloaded. 20*14599250SDevin Teske 21*14599250SDevin Teske 2 Highly secure mode - same as secure mode, plus disks may not 22*14599250SDevin Teske be opened for writing (except by mount(2)) whether mounted or 23*14599250SDevin Teske not. This level precludes tampering with file systems by 24*14599250SDevin Teske unmounting them, but also inhibits running newfs(8) while the 25*14599250SDevin Teske system is multi-user. 26*14599250SDevin Teske 27*14599250SDevin Teske In addition, kernel time changes are restricted to less than 28*14599250SDevin Teske or equal to one second. Attempts to change the time by more 29*14599250SDevin Teske than this will log the message ``Time adjustment clamped to +1 30*14599250SDevin Teske second''. 31*14599250SDevin Teske 32*14599250SDevin Teske 3 Network secure mode - same as highly secure mode, plus IP 33*14599250SDevin Teske packet filter rules (see ipfw(8), ipfirewall(4) and pfctl(8)) 34*14599250SDevin Teske cannot be changed and dummynet(4) or pf(4) configuration 35*14599250SDevin Teske cannot be adjusted. 36*14599250SDevin Teske 37*14599250SDevin TeskeSecurelevels must be used in combination with careful system design and 38*14599250SDevin Teskeapplication of protective mechanisms to prevent system configuration 39*14599250SDevin Teskefiles from being modified in a way that compromises the protections of 40*14599250SDevin Teskethe securelevel variable upon reboot. 41