From owner-freebsd-questions Thu Nov 1 22: 3:55 2001 Delivered-To: freebsd-questions@freebsd.org Received: from atkielski.com (atkielski.com [161.58.232.69]) by hub.freebsd.org (Postfix) with ESMTP id 0150E37B407 for ; Thu, 1 Nov 2001 22:03:54 -0800 (PST) Received: from contactdish (ASt-Lambert-101-2-1-14.abo.wanadoo.fr [193.251.59.14]) by atkielski.com (8.11.6) id fA263U954111; Fri, 2 Nov 2001 07:03:30 +0100 (CET) Message-ID: <003e01c16364$262d7fc0$0a00000a@atkielski.com> From: "Anthony Atkielski" To: "FreeBSD Questions" Subject: Lockdown of FreeBSD machine directly on Net Date: Fri, 2 Nov 2001 07:03:47 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Is there anything special I need to do to secure a FreeBSD system, freshly installed, before putting it on the Internet (i.e., with an IP address reachable from the outside world)? Is it secure against attack as installed, or do I have to tweak some things? Right now I have only ssdh, telnetd, sendmail, and inetd running, with ftp available (anonymous is disabled). I am planning to install Apache so that I can prototype my Web site locally. The one change I've made is to allow secure login for root in ttys; if there is a way of restricting root logins to my other machine on my LAN, I'd like to know how to do that (it will never be necessary to login as root from the Net). To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message