From owner-freebsd-security  Thu Mar 14  2:22:40 2002
Delivered-To: freebsd-security@freebsd.org
Received: from spitfire.velocet.net (spitfire.velocet.net [216.138.223.227])
	by hub.freebsd.org (Postfix) with ESMTP id 9D2D437B419
	for <freebsd-security@freebsd.org>; Thu, 14 Mar 2002 02:22:37 -0800 (PST)
Received: from nomad.tor.lets.net (H74.C220.tor.velocet.net [216.138.220.74])
	by spitfire.velocet.net (Postfix) with SMTP id 48F2FFB4503
	for <freebsd-security@freebsd.org>; Thu, 14 Mar 2002 05:22:36 -0500 (EST)
Received: (qmail 56366 invoked by uid 1001); 14 Mar 2002 10:17:31 -0000
Date: Thu, 14 Mar 2002 05:17:31 -0500
From: Steve Shorter <steve@nomad.lets.net>
To: Chest Rockwell <cdgaming@msn.com>
Cc: freebsd-security@freebsd.org
Subject: Re: New BSD user with a couple Qs
Message-ID: <20020314051731.A56353@nomad.lets.net>
References: <F18vFnciebfCrxZ3mFQ00006b53@hotmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <F18vFnciebfCrxZ3mFQ00006b53@hotmail.com>; from cdgaming@msn.com on Thu, Mar 14, 2002 at 03:36:29AM -0600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu, Mar 14, 2002 at 03:36:29AM -0600, Chest Rockwell wrote:
> 
> I've read a couple docs on how to secure my machine.  I just installed 4.4 
> stable.  I turned off pretty much everything except for ftp(users only, no 
> anon) and ssh.  I am a little familiar with redhat and remember editing my 
> hosts.deny file so that it locked out everyone except for my home and work 

	FreeBSD uses hosts.allow only.

> machines.  I think that I need to edit the /etc/rc.firewall file.  Is this a 
> good idea to deny everyone except for a few users and how would I do that?
> 
> I'm running 4.4 stable.  Is that good enough or should I get the 4.5 
> release?

	Depends. 4.4 is good, but 4.5 has some networking and
NFS fixes/improvements.

> 
> Do I need to upgrade/update any files or do anything else to secure the 
> machine?  If so, could you send me a good link or give me some help please?

	man security

	http://www.freebsd.org/security

	-steve

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message