From: "Scott Gerhardt"
To: "Anthony Atkielski", "FreeBSD Questions"
Subject: RE: Lockdown of FreeBSD machine directly on Net
Date: Fri, 2 Nov 2001 08:51:21 -0600
In-Reply-To: <003e01c16364$262d7fc0$0a00000a@atkielski.com>

If you are the only administrator this isn't too bad, but still not recommended. If you have several administrators logging in from time to time, you are better off logging in as yourself first and 'su' to root. That way there is a record in the logs as to who did what.

> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Anthony
> Atkielski
> Sent: November 2, 2001 12:04 AM
> To: FreeBSD Questions
> Subject: Lockdown of FreeBSD machine directly on Net
>
> Is there anything special I need to do to secure a FreeBSD system, freshly
> installed, before putting it on the Internet (i.e., with an IP address reachable
> from the outside world)? Is it secure against attack as installed, or do I have
> to tweak some things?
>
> Right now I have only sshd, telnetd, sendmail, and inetd running, with ftp
> available (anonymous is disabled). I am planning to install Apache so that I
> can prototype my Web site locally. The one change I've made is to allow secure
> login for root in ttys; if there is a way of restricting root logins to my other
> machine on my LAN, I'd like to know how to do that (it will never be necessary
> to log in as root from the Net).
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
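
The reply's point that going through su leaves a record of who became root, shown as an added example that is not part of the original message: a small shell function that tallies su-to-root events per user from syslog lines. The log format (`su: USER to root on TTY` and `su: BAD SU USER to root on TTY`, optionally with `su[PID]:`) is an assumption to check against your own logs, and the sample lines, users and host name are constructed.

```shell
#!/bin/sh
# Added example: summarise su-to-root activity per user from syslog lines.
# Assumed line format (classic BSD su): "su: USER to root on TTY" for a
# successful switch and "su: BAD SU USER to root on TTY" for a failed one.

# Constructed sample log; users, host name and times are made up.
sample_log() {
    cat <<'EOF'
Nov  2 08:40:05 gw su: alice to root on /dev/ttyp0
Nov  2 09:12:44 gw su: BAD SU bob to root on /dev/ttyp1
Nov  2 09:13:02 gw su: bob to root on /dev/ttyp1
Nov  2 11:30:19 gw su[733]: alice to root on /dev/ttyp2
Nov  2 11:31:00 gw sshd[412]: Accepted password for alice from 10.0.0.10 port 1022
Nov  2 12:00:00 gw su: BAD SU mallory to root on /dev/ttyp3
EOF
}

# Reads syslog lines on stdin, prints one line per user:
#   USER ok=<successful su to root> bad=<failed attempts> last=<time of last event>
su_audit() {
    awk '
    # Field 5 is the syslog tag; accept "su:" and "su[PID]:" only.
    $5 !~ /^su(\[[0-9]+\])?:$/ { next }
    # Failed attempt: BAD SU <user> to root on <tty>
    $6 == "BAD" && $7 == "SU" && $9 == "to" && $10 == "root" {
        bad[$8]++; last[$8] = $1 " " $2 " " $3; next
    }
    # Successful switch: <user> to root on <tty>
    $7 == "to" && $8 == "root" {
        ok[$6]++; last[$6] = $1 " " $2 " " $3
    }
    END {
        for (u in last)
            printf "%s ok=%d bad=%d last=%s\n", u, ok[u], bad[u], last[u]
    }' | LC_ALL=C sort
}

sample_log | su_audit
```

On a live system, feed `su_audit` whichever file your syslog.conf routes su messages to. A user with failed attempts and no successes (mallory in the sample) is the entry to look at first.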