Securelevel

securelevel is a security mechanism in *BSD kernels that can optionally restrict certain capabilities, including those of the superuser. It is controlled by the sysctl variable kern.securelevel, an integer; setting it to a value greater than 0 enables successively stricter classes of restrictions. Any superuser process can raise the securelevel, but lowering it is restricted: on OpenBSD only the init(8) process may lower it (which it does when the system drops to single-user mode), and on FreeBSD no process can lower it once it has been raised, short of a reboot.

When used with FreeBSD jails, each jail maintains its own securelevel in addition to the host's global securelevel. When a check is evaluated inside a jail, the higher of the two values applies; a jail therefore always runs at least as secure a level as its host, never a lower one. This allows the host environment to run at a lower securelevel than its jails, so that an administrator on the host can change file flags (for example, clear the system immutable flag on a jail's files) that processes inside the jails are not able to change.

When the FreeBSD kernel is compiled with the option REGRESSION, an additional sysctl (regression.securelevel_nonmonotonic) is added that allows the securelevel to be lowered. It exists solely so that automated regression tests can exercise securelevel transitions, and is not built into production kernels.
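The rules above (raise-only transitions, the host/jail "higher level wins" evaluation, and the effect on system file flags) are compact enough to model directly. The following C program is an added illustration written for this page; it is not kernel code from FreeBSD or OpenBSD, and every name in it (sl_set_allowed, sl_effective, sl_gt, sl_chflags, the FL_* flag bits, scenario_host_clears_jail_cannot) is hypothetical. The allow_lower parameter stands in for the one privileged path that may lower the level (init(8) on OpenBSD, the REGRESSION-only knob on FreeBSD), and the chflags model is deliberately simplified to the behaviour the text describes.

```c
/*
 * Added illustration of the securelevel rules described above: raise-only
 * semantics, the host/jail "higher level wins" rule, and the effect on
 * system file flags. This is a simplified model written for this page, not
 * kernel code from FreeBSD or OpenBSD; all names (sl_*, FL_*, scenario_*)
 * are hypothetical.
 */
#include <errno.h>
#include <stdio.h>

#define SL_MIN (-1)   /* permanently insecure */
#define SL_MAX 3      /* FreeBSD's highest level; OpenBSD stops at 2 */

/* Stand-ins for the chflags(2) system flags (schg / sappnd). */
#define FL_SYS_IMMUTABLE 0x01u
#define FL_SYS_APPEND    0x02u
#define FL_SYS_MASK      (FL_SYS_IMMUTABLE | FL_SYS_APPEND)

/*
 * Would a request to move the securelevel from cur to req be honoured?
 * Raising is always allowed for the superuser. Lowering returns EPERM unless
 * allow_lower is set, which models OpenBSD's init(8) and FreeBSD's
 * REGRESSION-only regression.securelevel_nonmonotonic knob.
 */
int sl_set_allowed(int cur, int req, int allow_lower)
{
    if (req < SL_MIN || req > SL_MAX)
        return EINVAL;
    if (req < cur && !allow_lower)
        return EPERM;
    return 0;
}

/* Effective level seen inside a jail: the higher of host and jail values. */
int sl_effective(int host_level, int jail_level)
{
    return host_level > jail_level ? host_level : jail_level;
}

/* "Deny if the effective securelevel is above level", the shape kernel checks take. */
int sl_gt(int effective, int level)
{
    return effective > level ? EPERM : 0;
}

/*
 * chflags(2) model: once a file carries a system flag, even the superuser may
 * change its flags only while the effective securelevel is 0 or lower.
 * Adding a system flag to an unflagged file is permitted at any level.
 */
int sl_chflags(int effective, unsigned old_flags, unsigned new_flags)
{
    if (new_flags == old_flags)
        return 0;
    if ((old_flags & FL_SYS_MASK) != 0)
        return sl_gt(effective, 0);
    return 0;
}

/*
 * The jail scenario from the text: host at 0, jail raised to 3. Returns 1 when
 * the host can clear the immutable flag on a file that the jail cannot touch.
 */
int scenario_host_clears_jail_cannot(void)
{
    int host = 0, jail = 0;

    if (sl_set_allowed(jail, 3, 0) != 0)
        return 0;
    jail = 3;

    int host_rc = sl_chflags(host, FL_SYS_IMMUTABLE, 0);
    int jail_rc = sl_chflags(sl_effective(host, jail), FL_SYS_IMMUTABLE, 0);
    return host_rc == 0 && jail_rc == EPERM;
}

int main(void)
{
    printf("raise 0->1 : %d\n", sl_set_allowed(0, 1, 0));   /* 0 */
    printf("lower 1->0 : %d\n", sl_set_allowed(1, 0, 0));   /* EPERM */
    printf("init lowers: %d\n", sl_set_allowed(1, 0, 1));   /* 0 */
    printf("host clears schg, jail cannot: %d\n",
           scenario_host_clears_jail_cannot());              /* 1 */
    return 0;
}
```

On a real FreeBSD system the host level is set at boot through rc.conf (kern_securelevel_enable="YES" together with kern_securelevel), and each jail's own level through the securelevel parameter of jail(8); the model above only reproduces how those two values combine once set.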

Definitions

On OpenBSD the securelevels are defined as follows:[1]

  • -1 (Permanently insecure mode) is functionally identical to securelevel 0, except that init(8) will not attempt to raise the level when the system enters multi-user mode, as it does from level 0. It can only be set while the system is already insecure (level 0 or below), and it effectively disables the securelevel protections.
  • 0 (Insecure mode): all devices can be read from or written to (subject to their permissions) and system file flags can be cleared using chflags(1). This mode is used while the system is bootstrapping and while it is in single-user mode; once the boot completes and the system enters multi-user mode, init(8) raises the level to 1.
  • 1 (Secure mode) is the default when the system is running multi-user. In this mode the securelevel cannot be lowered except by init(8); the raw memory devices (/dev/mem and /dev/kmem) cannot be written to; the raw devices of mounted file systems cannot be written to; the system immutable and append-only file flags cannot be removed; important kernel variables (such as fs.posix.setuid, hw.allowpowerdown, net.inet.ip.sourceroute, machdep.kbdreset, ddb.console, ddb.panic and machdep.allowaperture) are locked down; and only GPIO pins that were configured during boot may be accessed.
  • 2 (Highly secure mode) has all the effects of securelevel 1, and additionally raw disk devices cannot be written to even when unmounted, the time-setting calls are restricted so that the clock cannot be set backwards (helping to keep the timestamps of logged actions trustworthy), and pf(4) filter and NAT rules cannot be altered. This mode is designed to provide some defence even after the root account has been compromised: an attacker with root privileges still cannot rewrite protected files, the kernel's memory, the firewall rules or the clock without a reboot.

References

  1. "securelevel(7)". OpenBSD manual pages.
