Subject: Re: The reason for securelevel
To: None <zvrba@globalnet.hr>
From: Gilbert Fernandes <gilbert.fernandes@spamcop.net>
List: tech-security
Date: 01/28/2006 15:46:48
> Or better yet, change it from 1/0 to the path of the configuration file.
> And if the path is an empty string, then there is no securelevel in
> effect.
Yes. That's better. Using a simple [ test with -e will let us turn
on or off that secure level value. Then, if the file does exist,
it would "lock down" the machine according to the file contents.
But we would still get newsysctl values probably. The securelevel
thing would be transformed from one knob to a set of knob, whose
default values makes it work like the current securelevel one.
What do you think of it ? :)
--
unzip ; strip ; touch ; grep ; find ; finger ; mount ; fsck ; more ; yes ;
fsck ; umount ; sleep