How can I modify the rc.conf to enable secure_level of FreeBSD?

[bsdfans]

I want to modify the rc.conf to enable secure_level of FreeBSD,but I found that it will be restored after reboot.
How can I make it ?
Thanks.

[franco]

Besides the point that I don't know if securelevel adjustment works without messing with operation of OPNsense as a whole I don't see any reason why something would be reset if you set it correctly.

kern_securelevel_enable="YES"    # kernel security level (see security(7))       
kern_securelevel="x"   # range: -1..3 ; `-1' is the most insecure

Where x is the correct level and the file to put this into is /etc/rc.conf (which we don't even touch which is why it's not there and you need to create it).


Good luck,
Franco

[bsdfans]

Besides the point that I don't know if securelevel adjustment works without messing with operation of OPNsense as a whole I don't see any reason why something would be reset if you set it correctly.

kern_securelevel_enable="YES"    # kernel security level (see security(7))       
kern_securelevel="x"   # range: -1..3 ; `-1' is the most insecure

Where x is the correct level and the file to put this into is /etc/rc.conf (which we don't even touch which is why it's not there and you need to create it).


Good luck,
Franco

The /etc/hosts was also restored after reboot.

[franco]

Just for emphasis I'd like to point out that /etc/hosts is not /etc/rc.conf and does not really overlap with securelevel as far as I could see. So you may be looking at least at one configuration issue.


Cheers,
Franco