1241899SdteskeThis menu allows you to configure the Securelevel mechanism in FreeBSD.
2241899Sdteske
3241899SdteskeSecurelevels may be used to limit the privileges assigned to the
4241899Sdteskeroot user in multi-user mode, which in turn may limit the effects of
5241899Sdteskea root compromise, at the cost of reducing administrative functions.
6241899SdteskeRefer to the security(7) and init(8) manual pages for complete details.
7241899Sdteske
8241899Sdteske   -1    Permanently insecure mode - always run the system in level 0
9241899Sdteske         mode.  This is the default initial value.
10241899Sdteske
11241899Sdteske   0     Insecure mode - immutable and append-only flags may be turned
12241899Sdteske         off.  All devices may be read or written subject to their
13241899Sdteske         permissions.
14241899Sdteske
15241899Sdteske   1     Secure mode - the system immutable and system append-only
16241899Sdteske         flags may not be turned off; disks for mounted file systems,
17241899Sdteske         /dev/mem, /dev/kmem and /dev/io (if your platform has it)
18241899Sdteske         may not be opened for writing; kernel modules (see kld(4))
19241899Sdteske         may not be loaded or unloaded.
20241899Sdteske
21241899Sdteske   2     Highly secure mode - same as secure mode, plus disks may not
22241899Sdteske         be opened for writing (except by mount(2)) whether mounted or
23241899Sdteske         not.  This level precludes tampering with file systems by
24241899Sdteske         unmounting them, but also inhibits running newfs(8) while the
25241899Sdteske         system is multi-user.
26241899Sdteske
27241899Sdteske         In addition, kernel time changes are restricted to less than
28241899Sdteske         or equal to one second.  Attempts to change the time by more
29241899Sdteske         than this will log the message ``Time adjustment clamped to +1
30241899Sdteske         second''.
31241899Sdteske
32241899Sdteske   3     Network secure mode - same as highly secure mode, plus IP
33241899Sdteske         packet filter rules (see ipfw(8), ipfirewall(4) and pfctl(8))
34241899Sdteske         cannot be changed and dummynet(4) or pf(4) configuration
35241899Sdteske         cannot be adjusted.
36241899Sdteske
37241899SdteskeSecurelevels must be used in combination with careful system design and
38241899Sdteskeapplication of protective mechanisms to prevent system configuration
39241899Sdteskefiles from being modified in a way that compromises the protections of
40241899Sdteskethe securelevel variable upon reboot.
41