If you do not want to change the secure level you can compile a static kernel:
# static kernel makeoptions NO_MODULES=yes put the above inside the kernel config file. On Wed, Feb 24, 2010 at 8:19 PM, Bruce Cran <br...@cran.org.uk> wrote: > On Wed, 24 Feb 2010 16:47:25 -0600 (CST) > Robert Bonomi <bon...@mail.r-bonomi.com> wrote: > >> I'm building custom kernels for use in 'hostile' environments -- >> where I need to enforce "restricted" capabilities, even in the event >> of malicious 'root' access. (if the bad guy has *physical* access to >> the machine, I know I'm toast, so I don't try to protect against >> _that_ in software -- beyond the usual access-control mechnisms, that >> is.) > > See security(7) - > http://www.freebsd.org/cgi/man.cgi?query=security&sektion=7 > > Securelevel 1 disables the loading of kernel modules; the manual page > has far more details of how to secure the system further. > > -- > Bruce Cran > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" > _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"