I guess by default FeeBSD runs at -1
That's right.
what would most of you recommend doing? is this primary to keep local users (ssh) in check? does it help in remote attacks (buffer overflow) is it even needed?
Read "man securelevel" and see for yourself what it does. High securelevels are intended for dedicated applicances like network firewalls which do not have interactive users, generally are not offering services to the world, are expected to be configured once, and then left alone for long periods of time.
Setting a securelevel does not help in remote-access compromises like buffer overflows in system daemons, which is why they are not particularly useful for machines supporting interactive logins and offering network services. For those, running portaudit and keeping the base-system and ports up to date is more helpful...
-- -Chuck
_______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
