Date: Fri, 02 Nov 2001 17:15:47 +1100 From: Rob B <rbyrnes@ozemail.com.au> To: "Anthony Atkielski" <anthony@atkielski.com> Cc: "FreeBSD Questions" <freebsd-questions@freebsd.org> Subject: Re: Lockdown of FreeBSD machine directly on Net Message-ID: <5.1.0.14.2.20011102171218.04c20b30@pop.ozemail.com.au> In-Reply-To: <003e01c16364$262d7fc0$0a00000a@atkielski.com>
next in thread | previous in thread | raw e-mail | index | archive | help
At 17:03 2/11/2001, Anthony Atkielski sent this up the stick: >Is there anything special I need to do to secure a FreeBSD system, freshly >installed, before putting it on the Internet (i.e., with an IP address >reachable >from the outside world)? Is it secure against attack as installed, or do >I have >to tweak some things? > >Right now I have only ssdh, telnetd, sendmail, and inetd running, with ftp >available (anonymous is disabled). I am planning to install Apache so that I >can prototype my Web site locally. The one change I've made is to allow >secure >login for root in ttys; if there is a way of restricting root logins to my >other >machine on my LAN, I'd like to know how to do that (it will never be necessary >to login as root from the Net). Kill telnetd for starters ... everything that you can do through telnetd, can be done through sshd You could try editing /etc/hosts.allow to allow connections from your local 'net. There is enough documentation in the file to get you started. Cheers, Rob -- Wait a minute ... You ain't heard nothin' yet. [15200.8 km (8207.8 mi), 262.8 deg](Apparent) Rennerian This is random quote 1061 of a collection of 1183 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.1.0.14.2.20011102171218.04c20b30>