Quote:
/etc/defaults/rc.conf should be:
Code:
kern_securelevel_enable="NO" # kernel security level (see init(8)),
kern_securelevel="-1" # range: -1..3 ; `-1' is the most insecure
Also that the setting in rc.conf overrides that in /etc/defaults/rc.conf ?
|
Yes to both,
/etc/defaults/rc.conf should _NEVER_ be modified, all modification should be done in
/etc/rc.conf.
Quote:
To clarify, i don't need line:
Code:
kern.securelevel=2
in /etc/sysctl.conf
|
No, this sets the securelevel to 2 ... But the best way to do this is with rc.conf, and setting it in two different places makes no sense, so this line should be removed.
Quote:
Changing entry in sysctl.conf and moving openntp entry above kern_securelevel="1" in rc.conf resulted in time being set correctly on boot.
|
It doesn't matter in what order the variables are in
/etc/rc.conf
Quote:
Now this done i believe i should have following setup:
[...]
This should still give me secure mode?
|
Yes, you can check with
% sysctl kern.securelevel