Re: securelevel 1

On Thu, Oct 26, 2023 at 11:36:22PM +0200, Dag-Erling Smørgrav wrote: void writes: In order to accomplish what I'd like, I understand that I'd need to set +schg on the individual logs, then set the securelevel afterwards and reboot. If you set the log file +schg, it can't be written to at all.

Ansible playbook for secure installs

For those who are interested, I have put together an Ansible playbook for securing FreeBSD post-install.  It borrows from the FreeBSD handbook and some other sites which are acknowledged in the readme.md The playbook is here https

Re: securelevel 1

void writes: > In order to accomplish what I'd like, I understand that I'd need to set +schg > on the individual logs, then set the securelevel afterwards and reboot. If you set the log file +schg, it can't be written to at all. That's obviously not what you want. If you set it +sappnd, it can