xref: /freebsd-src/usr.sbin/bsdconfig/security/include/securelevel.hlp (revision cfe30d02adda7c3b5c76156ac52d50d8cab325d9)
This menu allows you to configure the Securelevel mechanism in FreeBSD.

Securelevels may be used to limit the privileges assigned to the
root user in multi-user mode, which in turn may limit the effects of
a root compromise, at the cost of reducing administrative functions.
Refer to the security(7) and init(8) manual pages for complete details.

   -1    Permanently insecure mode - always run the system in level 0
         mode.  This is the default initial value.

   0     Insecure mode - immutable and append-only flags may be turned
         off.  All devices may be read or written subject to their
         permissions.

   1     Secure mode - the system immutable and system append-only
         flags may not be turned off; disks for mounted file systems,
         /dev/mem, /dev/kmem and /dev/io (if your platform has it)
         may not be opened for writing; kernel modules (see kld(4))
         may not be loaded or unloaded.

   2     Highly secure mode - same as secure mode, plus disks may not
         be opened for writing (except by mount(2)) whether mounted or
         not.  This level precludes tampering with file systems by
         unmounting them, but also inhibits running newfs(8) while the
         system is multi-user.

         In addition, kernel time changes are restricted to less than
         or equal to one second.  Attempts to change the time by more
         than this will log the message ``Time adjustment clamped to +1
         second''.

   3     Network secure mode - same as highly secure mode, plus IP
         packet filter rules (see ipfw(8), ipfirewall(4) and pfctl(8))
         cannot be changed and dummynet(4) or pf(4) configuration
         cannot be adjusted.

Securelevels must be used in combination with careful system design and
application of protective mechanisms to prevent system configuration
files from being modified in a way that compromises the protections of
the securelevel variable upon reboot.
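
The check below is an added example, not part of bsdconfig or the original
help text.  It reads the securelevel that an rc.conf file requests at boot and
compares it, and optionally the running level, with an expected minimum, so a
configuration edit that would lower the level on the next reboot is reported.
It assumes the level is set through the rc.conf(5) variables
kern_securelevel_enable and kern_securelevel and reads only the one file it is
given; the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not part of bsdconfig. Assumption: the securelevel is set
# through the rc.conf(5) variables kern_securelevel_enable and kern_securelevel.

# rc_value FILE VAR: print the last uncommented assignment of VAR in FILE.
rc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" |
        tail -n 1
}

# boot_securelevel FILE: print the securelevel FILE requests at boot, or -1
# (the default initial value) when the knob is disabled, absent or malformed.
boot_securelevel() {
    enable=$(rc_value "$1" kern_securelevel_enable)
    level=$(rc_value "$1" kern_securelevel)
    case "$enable" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) ;;
        *) echo -1; return 0 ;;
    esac
    case "$level" in
        0|1|2|3) echo "$level" ;;
        *) echo -1 ;;
    esac
}

# audit_securelevel FILE EXPECTED [RUNNING]: return 0 only when the boot-time
# request and, if given, the running level are both at least EXPECTED.
audit_securelevel() {
    boot=$(boot_securelevel "$1")
    status=0
    if [ "$boot" -lt "$2" ]; then
        echo "FAIL: $1 requests securelevel $boot at boot, expected >= $2"
        status=1
    fi
    if [ -n "${3:-}" ] && [ "$3" -lt "$2" ]; then
        echo "FAIL: running securelevel is $3, expected >= $2"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: securelevel >= $2"
    return "$status"
}

# Constructed sample: the system runs at level 2, but rc.conf was edited so
# that the next boot stays at -1. On FreeBSD, pass /etc/rc.conf and
# "$(sysctl -n kern.securelevel)" instead.
sample=$(mktemp)
printf '%s\n' 'kern_securelevel_enable="NO"' 'kern_securelevel="2"' > "$sample"
audit_securelevel "$sample" 2 2 || true
rm -f "$sample"
```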