From owner-freebsd-questions Tue Apr 9 21: 0:39 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from infinity.aesredfish.net (ns1.aesredfish.net [65.168.0.12])
    by hub.freebsd.org (Postfix) with ESMTP id 8703937B421
    for ; Tue, 9 Apr 2002 20:59:49 -0700 (PDT)
Received: from potentialtech.com (mhope-dhcp-65-168-1-181.dashfast.com [65.168.1.181])
    by infinity.aesredfish.net (8.11.6/8.11.0) with ESMTP id g38Enkm08620;
    Mon, 8 Apr 2002 10:49:46 -0400
Message-ID: <3CB1AF2D.1060506@potentialtech.com>
Date: Mon, 08 Apr 2002 10:54:37 -0400
From: Bill Moran
Organization: Potential Technology
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.3) Gecko/20010914
X-Accept-Language: en-us
MIME-Version: 1.0
To: Mr Munkeh
Cc: freebsd-questions@freebsd.org
Subject: Re: FreeBSD Security
References: <20020408144125.8556.qmail@web14406.mail.yahoo.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Mr Munkeh wrote:
> Hi, I'm looking for some security help on FreeBSD. I'm using it as a
> workstation PC and not as a server, so I don't want to be hosting any
> services to the outside world. I'm using FreeBSD 4.5-STABLE and have
> the following open ports:
>
> Port State Service
> 22/tcp open ssh
>

In /etc/rc.conf put 'sshd_enable="NO"'

>
> 25/tcp open smtp
>

Disable sendmail completely, or at least disable the server component.
(See recent discussions on sendmail on this list.)

>
> 514/udp open syslog
>

Put 'syslogd_flags="-ss"' in /etc/rc.conf

>
> 587/tcp open submission
>

This will go away when you disable sendmail.

>
> 2504/tcp open unknown
>

Don't know. Run "sockstat" and see what program is listening on that
port, then take some time to figure out how to disable it.

> How do I close all non-needed ports so other people can't access them,
> and does anyone recommend a good firewall program that's in the ports
> system?
>

ipfw is part of the base system. Read the man page for rc.conf for info
on how to enable it, and read the man page for ipfw to learn how to
configure it. /etc/rc.firewall is the file you'll want to tweak.

Good luck,
Bill Moran

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
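
Added example, not part of Bill Moran's message: an sh function that reads `sockstat -4 -l` style output and, for each TCP/UDP listener not bound to loopback, prints the fix suggested in the reply above. The sample rows, PIDs, the `exampled` and `lpd` processes and the function name are constructed for illustration, and the `-4 -l` flags are an assumption beyond the bare "sockstat" named in the message.

```shell
#!/bin/sh
# Added example: map listening sockets to the fixes suggested in the reply.
# Live use on FreeBSD (assumed flags): sockstat -4 -l | exposed_listeners

exposed_listeners() {
    awk '
    NR == 1 && $1 == "USER" { next }      # skip the sockstat header row
    $5 !~ /^(tcp|udp)/      { next }      # only TCP/UDP sockets
    {
        addr = $6                         # LOCAL ADDRESS, e.g. "*:22"
        n = split(addr, parts, ":")
        port = parts[n]
        host = substr(addr, 1, length(addr) - length(port) - 1)
        # Sockets bound to loopback are not reachable from other hosts.
        if (host ~ /^127\./ || host == "localhost") next
        proto = substr($5, 1, 3)          # "tcp4" -> "tcp"
        if ($2 == "sshd")
            fix = "sshd_enable=\"NO\" in /etc/rc.conf"
        else if ($2 == "syslogd")
            fix = "syslogd_flags=\"-ss\" in /etc/rc.conf"
        else if ($2 == "sendmail")
            fix = "disable sendmail"
        else
            fix = "unknown, investigate " $2 " (pid " $3 ")"
        printf "%s/%s %s: %s\n", port, proto, $2, fix
    }'
}

# Constructed sample matching the ports in the question. "exampled" stands
# in for whatever program turns out to own port 2504; lpd is added to show
# that a loopback-only listener is not reported.
SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd        98    3 tcp4   *:22                  *:*
root     sendmail   101    4 tcp4   *:25                  *:*
root     sendmail   101    5 tcp4   *:587                 *:*
root     syslogd     85    4 udp4   *:514                 *:*
munkeh   exampled   412    6 tcp4   *:2504                *:*
root     lpd        120    6 tcp4   127.0.0.1:515         *:*'

printf '%s\n' "$SAMPLE" | exposed_listeners
```

Re-running it after each rc.conf change and restart shows which listeners remain; an empty result means nothing is bound to a non-loopback address.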