From owner-freebsd-questions Sat Aug 19 11:37: 8 2000 Delivered-To: freebsd-questions@freebsd.org Received: from femail1.sdc1.sfba.home.com (femail1.sdc1.sfba.home.com [24.0.95.81]) by hub.freebsd.org (Postfix) with ESMTP id 3F5DF37B422 for ; Sat, 19 Aug 2000 11:37:06 -0700 (PDT) Received: from home.com ([24.12.186.185]) by femail1.sdc1.sfba.home.com (InterMail vM.4.01.03.00 201-229-121) with ESMTP id <20000819183701.GTZX29012.femail1.sdc1.sfba.home.com@home.com> for ; Sat, 19 Aug 2000 11:37:01 -0700 Message-ID: <399E7164.76B5E9B3@home.com> Date: Sat, 19 Aug 2000 11:37:08 +0000 From: rob X-Mailer: Mozilla 4.72 [en] (X11; I; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: "questions@FreeBSD.ORG" Subject: newbie security Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I have a linux box here that I spent a great deal of time securing. I am wondering if the same strategies apply to FreeBSD. Here is what I did for Linux and now for FreeBSD: 1. On linux, turned off all uneeded services. Did the same for FreeBSD. Kept smpt for qmail, and enabled internal identd, all else off. 2. On linux and FreeBSD, not using a firewall. Figured with all of the services off, I don't need it. 3. Installed logcheck and portsentry on both. 4. On Linux, made /tmp /var /home / all seperate partitions. Should BSD use seperate slices for these? I followed the recommendations and just have /var on FreeBSD as a seperate slice. 5. Mounted /tmp /var /home / nosetuid on Linux. Haven't done anything similar with BSD. 6. Set all security related, and log files to 600 root.root on Linux. Yet to do on FreeBSD, but sounds like a good idea. Thanks, Rob. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message