On Thu, Oct 26, 2023 at 11:36:22PM +0200, Dag-Erling Smørgrav wrote:
void <v...@f-m.fm> writes:
In order to accomplish what I'd like, I understand that I'd need to set +schg
on the individual logs, then set the securelevel afterwards and reboot.
If you set the log file +schg, it can't be written to at all. That's
obviously not what you want.
Yes, I'm sorry; I meant to type +sappnd
If you set it +sappnd, it can be written to, and newsyslog will be able
to rotate it; an attacker with superuser privileges will also be able to
replace it with a doctored file.
Yes. But if sappend is set on the required files, and then securelevel=1
is set, then nothing can change the flag while the system is multiuser.
That is, if I'm understanding correctly?
So, on such a system, if I understand correctly, newsyslog would need
to be turned off.
Am I correct in understanding that securelevel could be lowered to -1
while in single user mode (for eg the purposes of upgrading); one
would have to comment out the securelevel variables in rc.conf
before booting multiuser?
newsyslog could be run on that occasion, then securelevel set to 1
again.
There is no way to allow one without the other. The usual solution is
to log to a remote machine.
That's planned.
--
