From owner-freebsd-questions  Thu Nov  1 22:29:20 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from lv.raad.tartu.ee (lv.raad.tartu.ee [194.126.106.110])
	by hub.freebsd.org (Postfix) with ESMTP id B452037B403
	for <freebsd-questions@FreeBSD.ORG>; Thu,  1 Nov 2001 22:29:15 -0800 (PST)
Received: Message by Barricade lv.raad.tartu.ee  with ESMTP id fA26TEU20503;
	Fri, 2 Nov 2001 08:29:14 +0200
Message-Id: <200111020629.fA26TEU20503@lv.raad.tartu.ee>
Received: from SpoolDir by INFO (Mercury 1.48); 2 Nov 01 08:28:23 +0200
From: "Toomas Aas" <toomas.aas@raad.tartu.ee>
Organization: Tartu City Government
To: "FreeBSD Questions" <freebsd-questions@FreeBSD.ORG>,
	"Anthony Atkielski" <anthony@atkielski.com>
Date: Fri, 2 Nov 2001 08:28:18 +0200
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Re: Lockdown of FreeBSD machine directly on Net
In-reply-to: <003e01c16364$262d7fc0$0a00000a@atkielski.com>
X-info: Headers changed by Barricade
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Hi Anthony!

On  2 Nov 01 at 7:03 you wrote:

> Right now I have only ssdh, telnetd, sendmail, and inetd running, with ftp
> available (anonymous is disabled).  I am planning to install Apache so that I
> can prototype my Web site locally.  

You will get a zillion replies to that one.

If I were you, I'd first disable telnetd - especially if sshd is 
already running - by commenting out the relevant line in 
/etc/inetd.conf and doing 'killall -HUP inetd'. 

If you're not interested in anonymous ftp, you might also consider 
removing ftpd and using scp instead to transfer files to/from your 
box. This should again be easy, since you already have sshd 
running.

A good idea is to run 'sockstat' and see what ports are open. 
There might be something running (such as portmapper) that you are 
not even aware of and that you really don't need. Anything you 
don't need should be turned off ;-)
--
Toomas Aas | toomas.aas@raad.tartu.ee | http://www.raad.tartu.ee/~toomas/
* I`m not as think as you drunk I am...


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message