Date: Wed, 29 Mar 2000 21:32:07 -0500 From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com> To: Scott <scotte@speakeasy.org> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Help securing fresh install from CD Message-ID: <20000329213207.A17852@cc942873-a.ewndsr1.nj.home.com> In-Reply-To: <Pine.LNX.4.10.10003291114410.2508-100000@grace.speakeasy.org>; from scotte@speakeasy.org on Wed, Mar 29, 2000 at 11:15:48AM -0800 References: <Pine.LNX.4.10.10003291114410.2508-100000@grace.speakeasy.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Mar 29, 2000 at 11:15:48AM -0800, Scott wrote: > Hello to all: > > I have just ordered a new PC to install the January release of FreeBSD from CD. > I was wondering how secure FreeBSD is out-of-the-box, > and what additional steps I need to take in securing it. > > My experience has been with securing Linux and Solaris boxes - > commenting out non-needed services in /etc/inetd.conf, looking for SUID and > GUID programs, installing SSH, etc. > > What specifics are needed for FreeBSD, also considering this system will likely > double as a firewall. Most of the same steps, edit inetd.conf and hosts.allow. OpenSSH is now part ofthe base system, so that is done for you. Check for uneeded suid and guid (uucp is one on my system, but I would be shocked to see someone find a hole in that after all of these years). What you might be more interested in is the 'schg' flag (man chflags) and securelevels (man init) in FreeBSD. For a firewall, there are kernel config options and sysctl options you need to consider to defeat or at least lessen the effect of certain remote DOS attacks (e.g. SYN attacks). -- Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000329213207.A17852>