I want to modify the rc.conf to enable secure_level of FreeBSD,but I found that it will be restored after reboot.
How can I make it ?
Thanks.
Besides the point that I don't know if securelevel adjustment works without messing with operation of OPNsense as a whole I don't see any reason why something would be reset if you set it correctly.
kern_securelevel_enable="YES" # kernel security level (see security(7))
kern_securelevel="x" # range: -1..3 ; `-1' is the most insecure
Where x is the correct level and the file to put this into is /etc/rc.conf (which we don't even touch which is why it's not there and you need to create it).
Good luck,
Franco
Quote from: franco on January 16, 2024, 05:13:40 PM
Besides the point that I don't know if securelevel adjustment works without messing with operation of OPNsense as a whole I don't see any reason why something would be reset if you set it correctly.
kern_securelevel_enable="YES" # kernel security level (see security(7))
kern_securelevel="x" # range: -1..3 ; `-1' is the most insecure
Where x is the correct level and the file to put this into is /etc/rc.conf (which we don't even touch which is why it's not there and you need to create it).
Good luck,
Franco
The /etc/hosts was also restored after reboot.
Just for emphasis I'd like to point out that /etc/hosts is not /etc/rc.conf and does not really overlap with securelevel as far as I could see. So you may be looking at least at one configuration issue.
Cheers,
Franco