From: Schiz0
To: "Zbigniew Szalbot"
Date: Wed, 20 Feb 2008 11:10:00 -0500
Cc: freebsd-questions
Subject: Re: security of a new installation / steps to take

On Feb 20, 2008 11:02 AM, Zbigniew Szalbot wrote:
> Dear all,
>
> In a matter of weeks we will be moving our office "server" replacing
> it with a dedicated server machine functioning at an ISP's location. I
> have spoken to them and they use Fedora so they won't be able to help
> me much (besides we're not really prepared to pay them for
> administrative work). Obviously, I want to keep using FreeBSD so they
> promised to set up a basic installation so that I can remotely connect
> to the server, configure it, install userland, etc.
>
> So far I have had FreeBSD systems only in office so I used my hardware
> firewall (Dlink DFL 700) to block access to services on ports 22, etc.
> Now, at the ISP I won't be able to do this so I will need to be a lot
> more careful about security issues. I am planning to make a list of
> steps I need to take to configure the OS to my liking and install
> applications I need. However, I would really, really love to have some
> advice from you re the basic steps.
>
> For example, I guess I will need to make friends with pf firewall (I
> did use it but not extensively due to the hardware router in place). I
> will need to disallow direct (3306) access to mysql database (again pf
> thing?) and the like.
>
> In any case, many thanks for your hints, tips, links to get started (I
> actually plan to use an old box in office to test-install everything
> and only then do the same remotely). I have been using FreeBSD for 1,5
> year but I know how little I know so I'm ready to learn.
>
> Thanks for FreeBSD and your help!
>
> --
> Zbigniew Szalbot

For PF, see:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-pf.html
and
http://www.openbsd.org/faq/pf/
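
A starting pf ruleset for the situation described in the thread (SSH must stay reachable for remote administration, MySQL on 3306 must not be reachable from outside), as an added example that is not part of the original messages. The interface name `em0` and the admin address `192.0.2.10` are assumptions; replace them with your own values.

```conf
# /etc/pf.conf: added example, not from the original thread.
# Assumptions: em0 is the external interface; 192.0.2.10 is a constructed
# placeholder for the address you administer the server from.

ext_if = "em0"
table <admins> persist { 192.0.2.10 }

# Loopback traffic (including local clients talking to MySQL) is not filtered.
set skip on lo0

# Reassemble fragments and normalize inbound packets.
scrub in all

# Default deny: anything inbound that is not passed below is dropped,
# which covers MySQL on 3306 without needing a dedicated rule.
block in log all

# Outbound traffic from the server itself is allowed statefully.
pass out all keep state

# SSH only from the admin addresses.
pass in on $ext_if proto tcp from <admins> to ($ext_if) port 22 flags S/SA keep state

# Allow ping for basic reachability checks.
pass in on $ext_if inet proto icmp all icmp-type echoreq keep state

# Add further "pass in" rules here for each service you intend to publish.
```

Parse-check the file with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, and keep an existing SSH session open while testing on the remote machine so a mistake in the SSH rule does not lock you out.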