Proper FreeBSD system hardning :)(all for sysctl)
Uncategorized
2
Posts
2
Posters
0
Views
-
Proper FreeBSD system hardning :)
(all for sysctl)security.bsd.see_other_uids
security.bsd.see_other_gids
--> Don't show other users processessecurity.bsd.unprivileged_read_msgbuf
--> Don't allow unprivileges to read kernel buffer (dmesg)security.bsd.unprivileged_proc_debug
--> Don't allow unprivileged to use debuggingsecurity.bsd.hardlink_check_uid
security.bsd.hardlink_check_gid
--> restrict hardlinks to same user/groupkern.elf64.aslr.enable
kern.elf32.aslr.enable
--> Enable kernel address randomization (ASLR)security.bsd.unprivileged_mlock
--> Restrict unprivileged users from loading kernel modulessysctl kern.securelevel=1
--> Cannot lower securelevel
--> Cannot write directly to mounted disks
--> Cannot write to /dev/mem or /dev/kmem
--> Cannot load/unload kernel modules
--> Cannot change firewall rules (if compiled with IPFIREWALL_STATIC)
--> System immutable and append-only file flags cannot be removedThis can make a FreeBSD system more secure, especially on multi-user systems. Securelevel ca even go higher, but those restrictions generally need care.
#runbsd #freebsd #security #hardening #goodpractice #devops #sysadmin
-
Proper FreeBSD system hardning :)
(all for sysctl)security.bsd.see_other_uids
security.bsd.see_other_gids
--> Don't show other users processessecurity.bsd.unprivileged_read_msgbuf
--> Don't allow unprivileges to read kernel buffer (dmesg)security.bsd.unprivileged_proc_debug
--> Don't allow unprivileged to use debuggingsecurity.bsd.hardlink_check_uid
security.bsd.hardlink_check_gid
--> restrict hardlinks to same user/groupkern.elf64.aslr.enable
kern.elf32.aslr.enable
--> Enable kernel address randomization (ASLR)security.bsd.unprivileged_mlock
--> Restrict unprivileged users from loading kernel modulessysctl kern.securelevel=1
--> Cannot lower securelevel
--> Cannot write directly to mounted disks
--> Cannot write to /dev/mem or /dev/kmem
--> Cannot load/unload kernel modules
--> Cannot change firewall rules (if compiled with IPFIREWALL_STATIC)
--> System immutable and append-only file flags cannot be removedThis can make a FreeBSD system more secure, especially on multi-user systems. Securelevel ca even go higher, but those restrictions generally need care.
#runbsd #freebsd #security #hardening #goodpractice #devops #sysadmin
@Larvitz we enable a bunch of these (and more) by default in BastilleBSD
-
undefined Stefano Marinelli shared this topic
Gli ultimi otto messaggi ricevuti dalla Federazione
-
@fucinafibonacci @ambiente in città grandi come Roma saranno solo le 10 linee di metropolitana (che non avremo mai) a cambiare la città.
Poi tutto lo spazio che volete a mezzi elettrici che coprono piccole zone e bici per gli spostamenti personali, ma senza metro in ogni quartiere non risolveremo mai i problemi di traffico e spostamenti inefficienti.
-
@Otttoz per quanto mi riguarda meglio mandarli tutti a casa, tutti promettono di fare cose buone, ma una volta che hanno il potere pensano solo ai loro sporchi interessi, dalla destra alla sinistra (che non esiste più). Mangiano a spese nostre.
-
@InternetEh yep, coyotes will chase anything small enough and slow enough. They're opportunistic and omnivorous. If they're in an area with roadrunners, they're definitely chasing roadrunners.
-
@aeva Gosh where do you start... I got into D&B around 1997, so my tastes are quite oldskool.
Dom & Roland - Deckard's Theme
https://youtu.be/Pg0WfdaKGOQ?si=3gEiP5XDPg2fo9toDigital & Spirit - Phantom Force
https://youtu.be/81Gq3qJ0azM?si=FVX8eXxcEea1pUZ0Ed Rush & Optical - Gas Mask
https://youtu.be/Rn8HLKl6ptk?si=YUaJcXPbvM_MFJncGrooverider - Charade
https://youtu.be/2SC8H_5sO8w?si=zbAw8_bBCYZdYMa-
-
@brooke BAM
-
@vkc "woke" as in "resumed from Sleep mode"
-
do coyotes even chase roadrunners?
-
@mcc a useful concept!
