Date:      Fri, 16 Feb 2001 08:28:55 -0600
From:      Mike Meyer <mwm@mired.org>
To:        "Cliff, Calvin" <CCliff@mednet.ucla.edu>
Cc:        questions@freebsd.org
Subject:   Re: Securing FreeBSD and CVSUP
Message-ID:  <14989.14631.952546.618576@guru.mired.org>
In-Reply-To: <5027209@toto.iv>

Cliff, Calvin <CCliff@mednet.ucla.edu> types:
> I've been experimenting with FreeBSD for my department web server and
> I'm concerned about making it more secure. I installed my system last
> October and looked into using CVSUP to keep it updated but was too
> chicken to try it since I already have 5 virtual web sites running on
> it. I tried using cvsup with a test directory and noticed that a number
> of files will be edited and some deleted. I have two questions:
> is it safe?

Generally, yes. You can make it safer. For instance, run your intranet
server on a different machine, and update *that* machine to -STABLE
first. After it's been running long enough that you feel confident
it's ok, update the external server.

> do I need to reboot or rebuild my kernel to take advantage of the
> updated files?

Yes. See the handbook entry on "The Cutting Edge" for details.

> Secondly, I was looking for a simple HowTO on making the system more
> secure. I don't have anonymous ftp's enabled and I do use the regular
> telnet. Is there a simple list of things I can do to make it more
> secure without using Kerberos?  I do have access to an SSH telnet/ftp
> available from my client systems.

Look in /etc/rc.firewall. You'll see a reference to a book by Brent
Chapman & Elizabeth Zwicky. Buy it. Read it. Practice it.

> Lastly, I also noticed that since I installed my system last October,
> I get a few messages on my console screen each month about ftpd, popd,
> rshd and/or rlogind attempts that seem to fail. I don't recognize the
> client host addresses as anyone who should have access so I'm assuming
> that hackers are trying to crack my system. Should I be trying to
> contact those sysadmins about those attempts?

You need a lot more context information to really decide. Generally,
one or two oddball attempts can be ignored - assuming you're watching
for other things. For instance, if you were port scanned from the same
address or just before those attempts, you might worry. The Chapman &
Zwicky book has information on how to deal with suspected crack
attempts.

FWIW, some of us have been around long enough to resent hearing script
kiddies or other computer delinquents being called "hackers". See the
jargon file entry at <URL:
http://www.tuxedo.org/~esr/jargon/html/entry/hacker.html > for
details.

	<mike
--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
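
The triage reasoning in the reply above (one or two odd attempts can be ignored unless the same address also port scanned you, or a scan came just before them), as an added example that is not part of the original message. The event format, the five-port scan threshold and the one-hour window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simplified format (not real syslog output):
#   "<ISO timestamp> <source address> <kind> <detail>"
#   kind "deny": the firewall dropped a packet to port <detail>
#   kind "fail": the service named <detail> logged a failed attempt
SAMPLE = """\
2001-02-10T03:14:01 192.0.2.7 deny 21
2001-02-10T03:14:01 192.0.2.7 deny 23
2001-02-10T03:14:02 192.0.2.7 deny 110
2001-02-10T03:14:02 192.0.2.7 deny 513
2001-02-10T03:14:03 192.0.2.7 deny 514
2001-02-10T03:20:40 192.0.2.7 fail ftpd
2001-02-10T03:30:00 198.51.100.9 fail popd
2001-02-12T09:00:00 203.0.113.5 deny 80
2001-02-14T22:41:55 203.0.113.5 fail rshd
"""

SCAN_PORTS = 5                  # assumed: this many distinct ports is a scan
WINDOW = timedelta(hours=1)     # assumed meaning of "just before"

def parse(text):
    """Yield (timestamp, source, kind, detail) for each non-empty line."""
    for line in text.splitlines():
        if line.strip():
            stamp, src, kind, detail = line.split()
            yield datetime.fromisoformat(stamp), src, kind, detail

def triage(text):
    """Return {source: 'worry' | 'ignore'} for sources with failed attempts."""
    denies, fails = defaultdict(list), defaultdict(list)
    for when, src, kind, detail in parse(text):
        (denies if kind == "deny" else fails)[src].append((when, detail))
    # A source that probed many distinct ports is treated as a port scanner.
    scanners = {s for s, hits in denies.items()
                if len({port for _, port in hits}) >= SCAN_PORTS}
    scan_times = [t for s in scanners for t, _ in denies[s]]
    verdict = {}
    for src, attempts in fails.items():
        # "Just before": any scan packet within WINDOW ahead of an attempt.
        near_scan = any(timedelta(0) <= when - t <= WINDOW
                        for when, _ in attempts for t in scan_times)
        verdict[src] = "worry" if src in scanners or near_scan else "ignore"
    return verdict

if __name__ == "__main__":
    for src, v in sorted(triage(SAMPLE).items()):
        print(src, v)
```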

