Date: Tue, 8 Feb 2005 21:33:59 +0100
From: Anthony Atkielski
To: freebsd-questions@freebsd.org
Subject: Re: Newbie Security Concerns

crzdgns1@starpower.net writes:

> I am a new user of UNIX and FreeBSD and have never had to do any
> administration or security configuration myself before. I am running
> IP Firewall on FreeBSD-5.3-RELEASE. Last night I was checking my
> logs and discovered that sshd reported many illegal users. Does
> that mean my system is compromised? As configured, there are only
> three accounts on my system, root, toor, and one user account for
> me. I suppose you need more information from me, but am not sure
> what to provide. Any help would be greatly appreciated.

FreeBSD is no more or less vulnerable than most other operating systems. It can be very secure if you are careful about what you run on the system, and it can be very insecure if you run everything under the sun without taking any precautions. Fortunately, there aren't as many kiddies trying to break into UNIX as there are trying to break into Windows these days, but at the same time, a majority of reported security bugs these days seem to be on Linux.

A more important question is the use you intend to make of the system. A desktop system can be secured more easily than a server, because a desktop doesn't have to answer unsolicited incoming traffic from the Net, whereas a server _must_ do this, by definition. So servers always have a few doors open, whereas you can close all the doors on a desktop.

The only virus infection I've ever had, ironically, was on FreeBSD, when a worm found its way into the Web server. It was a software bug, and since the HTTP port _must_ be open in order for the server to handle my Web site, I couldn't just lock things out. The worm didn't get far, though, because, when it tried to call its master, the reply from its master was blocked by my firewall. Still, that's the only virus infection I've had in decades of working on computers, as far as I can remember.