BSD has long been regarded as the safest Unix operating system because it provides kernel-based security protection, not just the access-control-based protection of older Unix systems. BSD divides the kernel into security levels, which can restrict many insecure operations, and it keeps security settings in a single place, so the security level cannot be changed easily. Linux provides LSM ("loadable security module"), which can load security modules from outside the kernel; BSD treats that behavior as a possible security risk. The BSD kernel is therefore directly responsible for security: if the kernel deems a security module untrusted, it prohibits loading that module, and this is achieved through the securelevel in the BSD kernel. Next, I will quote a passage about the security level and then analyze the securelevel-related code in the BSD init program:
The FreeBSD kernel has the concept of a security level (securelevel), the level at which the system kernel runs. Different levels have different protection and checking mechanisms. Because the checks are made by the kernel, they are strict and there is no way to bypass the protection they provide, which makes them very useful for protecting a FreeBSD system. The kernel security level is divided into -1, 0, 1, and 2 according to the degree of protection. The security level governs protection in the following areas:
System files: System files can carry the protection flags "unchangeable" and "append only". Files with these flags are protected by them in addition to the ordinary file attributes. The security level determines whether these flags can be cleared.
Disk device files: Disk device files can be accessed in two ways: random access through the corresponding block device file and sequential access through the corresponding character device file. The character device file reads directly from the hardware device, so it is critical for security. The kernel security level determines whether hard disk device files may be operated on by accessing the hardware directly.
Direct memory access: /dev/mem and /dev/kmem are the system memory mapping files, and accessing them gives direct access to system memory. Some programs that obtain system information or share memory between processes need these two device files to access memory directly. However, access to the memory space obviously also affects the safe operation of the system. The kernel security level determines whether access to system memory is allowed.
Security level -1 is a permanently insecure level, and the system kernel does not provide any additional protection. The system is at this level by default. At this level the root user can clear the protection flags on system files, and all devices, including disk devices and memory mapping devices, can be accessed according to their attributes.
Security level 0 is an insecure level. Like level -1, it does not provide additional security protection for the system, but it affects the behavior of the kernel's init process. When the kernel is at level -1, init does not automatically change the running level, so the system security level remains -1 until login. This is the system's default behavior: security-level protection is not enabled. However, if the security level is not -1, init changes it to 0 when entering single-user mode and to 1 when entering multi-user mode. Security level 0 is therefore the level used in single-user mode once security-level protection has been set up.
Security level 1 is a secure level that provides system protection. At this level the two protection flags on system files cannot be cleared, and the disk devices of mounted file systems, as well as /dev/mem and /dev/kmem, cannot be opened for writing.
Security level 2 is similar to level 1, but it adds further restrictions on low-level operations on disk devices. Whether or not a disk device is mounted, it cannot be opened for writing, so operations such as fdisk, disklabel, and newfs cannot be performed.
You can use sysctl to view the security level of the current system. If it has not been specified, FreeBSD's default security level should be -1:
bash-2.03# sysctl kern.securelevel
kern.securelevel: -1
The most important property of the security level is that, apart from the kernel's init process, nobody, not even the root user, can lower it; it can only be raised. This basically ensures that a remote intruder cannot lower the system's running level without restarting the computer. If the root user wants to raise the security level of the system, use the sysctl command:
bash-2.03# sysctl -w kern.securelevel=0
kern.securelevel: -1 -> 0
The security level exists to protect files and devices. To protect a file, you set the file protection flag schg on it with the chflags command; /kernel, for example, has this flag enabled for system security. Even at an insecure level, you must first clear the protection flag before you can perform normal operations on such a file.
bash-2.03# mv /kernel /kernel.bak
mv: rename /kernel to /kernel.bak: Operation not permitted
bash-2.03# chflags noschg /kernel
bash-2.03# mv /kernel /kernel.bak
bash-2.03# mv /kernel.bak /kernel
bash-2.03# chflags schg /kernel
In the preceding operation, the unchangeable flag schg on the kernel file is cleared and later set again. This can only be done at an insecure level. When the security level is 1 or 2, you cannot use chflags to change the file protection flag:
bash-2.03# chflags noschg /kernel
chflags: /kernel: Operation not permitted
You can use ls with the -o option to view a file's flags:
bash-2.03# ls -lo /kernel
-r-xr-x 1 root wheel schg 1061679 Jun 30 /kernel
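The point of the two transcripts above is that a schg flag only resists root once the securelevel is 1 or higher. The following script is an added example, not part of the original article: it combines `sysctl kern.securelevel` output with `ls -lo` output to report which flagged files are actually enforced. The listing is a constructed sample, the function names are hypothetical, and `sappnd` is assumed here as the FreeBSD name for the "append only" flag, which the article does not name.

```shell
#!/bin/sh
# Added example: are schg/sappnd flags enforced at the current securelevel?
# On FreeBSD the inputs would come from `sysctl kern.securelevel` and
# `ls -lo <files>`; constructed samples are used so this runs anywhere.

# Constructed `ls -lo` listing (flags are the 5th column, "-" means none).
SAMPLE_LISTING='-r-xr-xr-x  1 root  wheel  schg 1061679 Jun 30 01:27 /kernel
-rw-r-----  1 root  wheel  sappnd 20480 Jun 30 01:27 /var/log/auth.log
-rw-r--r--  1 root  wheel  - 1024 Jun 30 01:27 /etc/motd'

# Extract N from a line of the form "kern.securelevel: N".
parse_securelevel() {
    printf '%s\n' "$1" |
        sed -n 's/^kern\.securelevel:[[:space:]]*\(-\{0,1\}[0-9][0-9]*\)[[:space:]]*$/\1/p'
}

# audit_flags <sysctl output> <ls -lo output>
# Prints "<file>: enforced | root-removable | unflagged" per file.
# Returns 1 if any flagged file can still be unflagged by root, 2 on bad input.
audit_flags() {
    level=$(parse_securelevel "$1")
    if [ -z "$level" ]; then
        echo "cannot parse securelevel output" >&2
        return 2
    fi
    printf '%s\n' "$2" | awk -v level="$level" '
        NF < 5 { next }                  # skip blank or truncated lines
        {
            state = "unflagged"
            n = split($5, f, ",")        # several flags are comma separated
            for (i = 1; i <= n; i++)
                if (f[i] == "schg" || f[i] == "sappnd")
                    # Levels 1 and 2 refuse to clear the flag; -1 and 0 allow it.
                    state = (level + 0 >= 1) ? "enforced" : "root-removable"
            if (state == "root-removable") bad = 1
            print $NF ": " state
        }
        END { exit bad }'
}

# Demo with the default level shown in the article.
audit_flags "kern.securelevel: -1" "$SAMPLE_LISTING" ||
    echo "warning: some flags can still be cleared by root at this securelevel"
```
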