This menu allows you to configure the Securelevel mechanism in FreeBSD.

Securelevels may be used to limit the privileges assigned to the
root user in multi-user mode, which in turn may limit the effects of
a root compromise, at the cost of reducing administrative functions.
Refer to the security(7) and init(8) manual pages for complete details.

   -1    Permanently insecure mode - always run the system in level 0
         mode.  This is the default initial value.

   0     Insecure mode - immutable and append-only flags may be turned
         off.  All devices may be read or written subject to their
         permissions.

   1     Secure mode - the system immutable and system append-only
         flags may not be turned off; disks for mounted file systems,
         /dev/mem, /dev/kmem and /dev/io (if your platform has it)
         may not be opened for writing; kernel modules (see kld(4))
         may not be loaded or unloaded.

   2     Highly secure mode - same as secure mode, plus disks may not
         be opened for writing (except by mount(2)) whether mounted or
         not.  This level precludes tampering with file systems by
         unmounting them, but also inhibits running newfs(8) while the
         system is multi-user.

         In addition, kernel time changes are restricted to less than
         or equal to one second.  Attempts to change the time by more
         than this will log the message ``Time adjustment clamped to +1
         second''.

   3     Network secure mode - same as highly secure mode, plus IP
         packet filter rules (see ipfw(8), ipfirewall(4) and pfctl(8))
         cannot be changed and dummynet(4) or pf(4) configuration
         cannot be adjusted.

Securelevels must be used in combination with careful system design and
application of protective mechanisms to prevent system configuration
files from being modified in a way that compromises the protections of
the securelevel variable upon reboot.
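
The closing point about configuration files can be checked with a short audit script. This is an added example, not part of the FreeBSD help text: the function names and the list of files are assumptions, and kern_securelevel_enable and kern_securelevel are the rc.conf(5) knobs that set the level at boot.

```shell
#!/bin/sh
# Added example (not from the FreeBSD help text): check that the boot
# configuration will raise the securelevel, and that the files deciding
# this are themselves protected by the system immutable flag (schg).

# rc_value FILE VAR: print the last value assigned to VAR in an
# rc.conf-style file. The file is parsed, not sourced, so auditing a
# tampered file cannot execute anything it contains.
rc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" |
        tail -n 1
}

# boot_securelevel FILE: the level the rc scripts would request from FILE.
# Unless kern_securelevel_enable is true, the level stays at -1.
boot_securelevel() {
    case $(rc_value "$1" kern_securelevel_enable) in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
            level=$(rc_value "$1" kern_securelevel)
            printf '%s\n' "${level:--1}" ;;
        *)  printf '%s\n' -1 ;;
    esac
}

# has_schg FLAGS: succeed if a comma-separated flag list, as printed by
# `stat -f %Sf` or `ls -lo`, contains the system immutable flag.
has_schg() {
    case ",$1," in *,schg,*) return 0 ;; *) return 1 ;; esac
}

# audit: compare running and configured levels, then check each file.
# The file list is an assumption; extend it to cover your own boot chain.
audit() {
    running=$(sysctl -n kern.securelevel)
    boot=$(boot_securelevel /etc/rc.conf)
    echo "running=$running configured-at-boot=$boot"
    [ "$boot" -ge 1 ] || echo "WARN: next boot will run at securelevel $boot"
    for f in /etc/rc.conf /etc/rc.conf.local /boot/loader.conf; do
        [ -e "$f" ] || continue
        has_schg "$(stat -f %Sf "$f")" ||
            echo "WARN: $f lacks schg; root can edit it and reboot"
    done
}

# Run the live checks only on FreeBSD; the functions above work anywhere.
if [ "$(uname -s)" = FreeBSD ]; then audit; fi
```

Once the level is 1 or higher, a file flagged schg cannot have the flag cleared until the system is brought back to single-user mode, so set the flag before raising the level.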
41