Date: Fri, 02 Nov 2001 17:15:47 +1100
To: "Anthony Atkielski"
From: Rob B
Subject: Re: Lockdown of FreeBSD machine directly on Net
Cc: "FreeBSD Questions"

At 17:03 2/11/2001, Anthony Atkielski sent this up the stick:
>Is there anything special I need to do to secure a FreeBSD system, freshly
>installed, before putting it on the Internet (i.e., with an IP address reachable
>from the outside world)? Is it secure against attack as installed, or do I have
>to tweak some things?
>
>Right now I have only sshd, telnetd, sendmail, and inetd running, with ftp
>available (anonymous is disabled). I am planning to install Apache so that I
>can prototype my Web site locally. The one change I've made is to allow secure
>login for root in ttys; if there is a way of restricting root logins to my other
>machine on my LAN, I'd like to know how to do that (it will never be necessary
>to login as root from the Net).

Kill telnetd for starters ... everything that you can do through telnetd can be done through sshd.

You could try editing /etc/hosts.allow to allow connections from your local 'net. There is enough documentation in the file to get you started.

Cheers,
Rob

--
Wait a minute ... You ain't heard nothin' yet.
[15200.8 km (8207.8 mi), 262.8 deg](Apparent) Rennerian
This is random quote 1061 of a collection of 1183
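Added example, not part of the message above or of FreeBSD's own code: a simplified Python model of how /etc/hosts.allow rules are evaluated (first match wins), run over a constructed rule set that limits sshd and ftpd to the LAN. The LAN range 192.168.1.0/255.255.255.0, the outside address 203.0.113.7 and all function names are assumptions; only IPv4 net/mask, literal-address and ALL patterns are modelled.

```python
import ipaddress

# Constructed hosts.allow in the "daemon : client : option" form.
# 192.168.1.0/255.255.255.0 is an assumed LAN range, not taken from the thread.
HOSTS_ALLOW = """\
# ALL : ALL : allow   <- a catch-all like this, left active, shadows every rule below
sshd : 192.168.1.0/255.255.255.0 : allow
sshd : ALL : deny
ftpd : 192.168.1.0/255.255.255.0 : allow
ftpd : ALL : deny
"""

def parse_rules(text):
    """Return (daemons, clients, action) tuples, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, clients, action = [field.strip() for field in line.split(":")]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split(),
                      action))
    return rules

def client_matches(pattern, addr):
    """Simplified client matching: ALL, net/mask, or a literal address."""
    if pattern == "ALL":
        return True
    if "/" in pattern:
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)
    return pattern == addr

def decide(rules, daemon, addr):
    """First matching rule decides; with no match (and no hosts.deny entry)
    the connection is granted, so unlisted services stay reachable."""
    for daemons, clients, action in rules:
        if ("ALL" in daemons or daemon in daemons) and \
                any(client_matches(c, addr) for c in clients):
            return action
    return "allow"

if __name__ == "__main__":
    rules = parse_rules(HOSTS_ALLOW)
    for daemon, addr in [("sshd", "192.168.1.20"), ("sshd", "203.0.113.7"),
                         ("telnetd", "203.0.113.7")]:
        print(daemon, addr, decide(rules, daemon, addr))
```

The telnetd case falls through to the default grant, which is why the reply's first step is to turn telnetd off rather than rely on the wrapper rules.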