> > One thing I am confused about with securelevel - how does the machine
> > get rebooted? If a hacker can get root access they can reboot, yes?
> > Then the secure level is gone? (I know this isn't related to your
> > modifications, per se.)
>
> I thought about this :-)
>
> Anyone wanting this kind of high security certainly isn't going to have a
> machine bouncing back into multi user mode after a reboot....
You don't need to criple the system that way to get full security. Just
mark all the lilo stuff, init and the startup scripts as immutable. Set
the securelevel in the startup scripts. Then the hacker will gain nothing
by rebooting.
Btw, is root prevented to write directly to the harddisk device? If not,
he can just go around the filesystem or make his own modifications to the
boot sector etc.
Baldur