请教关于freeBSD的securelevel设置
今天折腾树莓派安装freebsd,以前折腾freebsd是总是默认设置,因为相信她非常安全的,呵呵,今天细细品尝一下她的魅力,bsdconfig一下,每个选项都翻了一下,原来我还有很多基本的东东都没掌握,这里请教一下securelevel设置她里面有四个选项:Disabled、Secure、Highly Secure和Network Secure,按照字面的意思是禁用、安全、高安全、网络安全
我想问一下,第一个忽略,后面三个她们有什么不同?设置后有什么效果? 本帖最后由 lsstarboy 于 2014-10-29 16:20 编辑
The kernel runs with five different security levels.Any super-user
process can raise the level, but no process can lower it.The security
levels are:
-1 Permanently insecure mode - always run the system in insecure mode.
This is the default initial value.
0 Insecure mode - immutable and append-only flags may be turned off.
All devices may be read or written subject to their permissions.
1 Secure mode - the system immutable and system append-only flags may
not be turned off; disks for mounted file systems, /dev/mem and
/dev/kmem may not be opened for writing; /dev/io (if your platform
has it) may not be opened at all; kernel modules (see kld(4)) may
not be loaded or unloaded.
2 Highly secure mode - same as secure mode, plus disks may not be
opened for writing (except by mount(2)) whether mounted or not.
This level precludes tampering with file systems by unmounting
them, but also inhibits running newfs(8) while the system is multi-
user.
In addition, kernel time changes are restricted to less than or
equal to one second.Attempts to change the time by more than this
will log the message ``Time adjustment clamped to +1 second''.
3 Network secure mode - same as highly secure mode, plus IP packet
filter rules (see ipfw(8), ipfirewall(4) and pfctl(8)) cannot be
changed and dummynet(4) or pf(4) configuration cannot be adjusted.
The security level can be configured with variables documented in
rc.conf(5).
回复 2# lsstarboy
:em06: 老大故意为难我啊,正是英文很差,所以看不懂帮助文件才来求助的,不过我用GOOGLE翻译了一下,基本上明白了,:wink:
回复 3# toshaobo
话说俺的英语,只在农村初中学过,考试最高也过不了80分,你不会比我的水平更差吧,但是坚持一段时间就好了。 回复 4# lsstarboy
:D 我和你差不多,也是农村的一个小初中生毕业,考试每次都不及格
页:
[1]