From: krad
To: doug schmidt
Cc: Aflatoon Aflatooni, freebsd-questions@freebsd.org
Date: Tue, 29 Sep 2009 16:12:52 +0100
Subject: Re: hardening guideline for Freebsd 7.2

2009/9/29 doug schmidt

> center for internet security benchmarks;
>
> http://www.cisecurity.org/bench_freebsd.html
>
> On Sat, Sep 26, 2009 at 8:27 AM, Aflatoon Aflatooni wrote:
>
> > Hi,
> > Is there a hardening guideline for Freebsd 7.2?
> >
> > Thanks

Looks a bit old, that guide does. FreeBSD is actually fairly secure out of the box. What you need to establish is what kind of usage you are going to have, e.g. if you are going to be giving lots of people shell access, then what you will need to do will be quite different than if you were setting up an Apache web server.

Generally I would say just make sure there are no exploits for the services you are going to enable/install and put them into a jail. Write a decent pf ruleset for your needs. Above all, though, restrict access to the box to the bare minimum of what you can get away with.