|SECURELEVEL(7)||Miscellaneous Information Manual||SECURELEVEL(7)|
securelevel and its effects
The OpenBSD kernel provides four levels of system security:
Securelevel provides convenient means of “locking
down” a system to a degree suited to its environment. It is normally
set at boot via the
script, or the superuser may raise securelevel at any time by modifying the
sysctl(8) variable. However,
only init(8) may lower it once
the system has entered secure mode. A kernel built with
option INSECURE in the config file will default to
permanently insecure mode.
Highly secure mode may seem Draconian, but is intended as a last line of defence should the superuser account be compromised. Its effects preclude circumvention of file flags by direct modification of a raw disk device, or erasure of a file system by means of newfs(8). Further, it can limit the potential damage of a compromised “firewall” by prohibiting the modification of packet filter rules. Preventing the system clock from being set backwards aids in post-mortem analysis and helps ensure the integrity of logs. Precision timekeeping is not affected because the clock may still be slowed.
Because securelevel can be modified with the in-kernel debugger ddb(4), a convenient means of locking it off (if present) is provided at securelevels 1 and 2. This is accomplished by setting ddb.console and ddb.panic to 0 with the sysctl(8) utility.
securelevel manual page first appeared
in OpenBSD 2.6.
The list of securelevel's effects may not be comprehensive.
|June 24, 2011||OpenBSD-5.1|