Subject: security sysctl? (was: r/o filesystem restrictions for firewall?)
To: None <tech-security@netbsd.org, tech-kern@netbsd.org>
From: Jon Lindgren <jlindgren@slk.com>
List: tech-kern
Date: 10/24/2000 11:05:38
I began a discussion a day or so ago on port-sparc and netbsd-help
regarding setting up a firewall with r/o local disks (specifically, using
a CD to boot, and allowing _no_ local writes to the disk).
After many suggestions on how to accomplish this, a suggestion was made as
to a theoretical securelevel 3 where not much at all can be changed (no
ipf rules added, etc...).
This was furthered into using sysctls to accomplish the same
results... having a security section with knobs to frob which turn
different features (such as allowing ipf or ipnat rules to be added,
etc...). And of course, after that, making the security section
read-only, so if one cracks the box certain features can't be re-enabled.
Any thoughts on such an idea?
I'd love it if there were a switch which I could flip which essentially
locked down a good amount of the system (kind of a system immutable flag
or such) - configure the system, lock it down in /etc/rc.wherever, and let
it do its good deed.
But I'm open to any ideas.
Thanks to all the people who have suggestions and ideas on port-sparc and
netbsd-help so far (including, but not limited to, atatat@atatdot.net,
simonb@wasabisystems.com, tv@wasabisystems.com and
bouyer@antioche.lip6.fr).
-Jon
--------------------------------------------------------------------
"Trout are freshwater fish, and have underwater weapons."
"Zing, zing zing zing!"
"Keep away from the trout."
-- The opinions expressed are not necessarily those of my employer --
"Who stole my lawn?"