From owner-freebsd-questions@FreeBSD.ORG Wed Jul 13 22:15:15 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E77FC16A41C for ; Wed, 13 Jul 2005 22:15:15 +0000 (GMT) (envelope-from rsmith@xs4all.nl) Received: from smtp-vbr4.xs4all.nl (smtp-vbr4.xs4all.nl [194.109.24.24]) by mx1.FreeBSD.org (Postfix) with ESMTP id 52E2D43D45 for ; Wed, 13 Jul 2005 22:15:15 +0000 (GMT) (envelope-from rsmith@xs4all.nl) Received: from slackbox.xs4all.nl (slackbox.xs4all.nl [213.84.242.160]) by smtp-vbr4.xs4all.nl (8.13.3/8.13.3) with ESMTP id j6DMFEaW004952; Thu, 14 Jul 2005 00:15:14 +0200 (CEST) (envelope-from rsmith@xs4all.nl) Received: by slackbox.xs4all.nl (Postfix, from userid 1001) id EB4CC6280; Thu, 14 Jul 2005 00:15:13 +0200 (CEST) Date: Thu, 14 Jul 2005 00:15:13 +0200 From: Roland Smith To: alexandre.delay@free.fr Message-ID: <20050713221513.GB94944@slackbox.xs4all.nl> Mail-Followup-To: alexandre.delay@free.fr, freebsd-questions@freebsd.org References: <1121252743.42d4f587ada2c@imp4-q.free.fr> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="aM3YZ0Iwxop3KEKx" Content-Disposition: inline In-Reply-To: <1121252743.42d4f587ada2c@imp4-q.free.fr> User-Agent: Mutt/1.4.2.1i X-GPG-Fingerprint: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 X-GPG-Key: http://www.xs4all.nl/~rsmith/pubkey.txt X-GPG-Notice: If this message is not signed, don't assume I sent it! X-Virus-Scanned: by XS4ALL Virus Scanner Cc: freebsd-questions@freebsd.org Subject: Re: securing FreeBSD X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Jul 2005 22:15:16 -0000 --aM3YZ0Iwxop3KEKx Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jul 13, 2005 at 01:05:43PM +0200, alexandre.delay@free.fr wrote: > I would like to secure my FreeBSD server. > I don't want anyone to be able to access to the disk using a bootable > CD (or by setting the actual hdd to secondary and plug an other > primary hdd). Put the machine in a locked cabinet (which should have enough ventilation holes). The cabinet should be bolted to the floor or the wall. How sturdy the cabinet needs to be depends on what kind of attack it should withstand, and for how long... > I just don't want anyone to be able to hack this box nor any password. Disable all unneeded services and accounts. Allow root login from the console only. If you have physical access, disallow remote login entirely. Use long random passwords. Keep on top of security updates. Install intrusion detection systems. Roland --=20 R.F.Smith (http://www.xs4all.nl/~rsmith/) Please send e-mail as plain text. public key: http://www.xs4all.nl/~rsmith/pubkey.txt --aM3YZ0Iwxop3KEKx Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQFC1ZJxEnfvsMMhpyURAp5DAJ92lh7dBsAHPOezfHXHX+5t4Rrj7gCdE82m rGL7Rw4TSVta2ocQSC0ksKI= =8c3K -----END PGP SIGNATURE----- --aM3YZ0Iwxop3KEKx--