From owner-freebsd-questions  Fri Sep 21 19:53: 3 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from mercury.is.co.za (mercury.is.co.za [196.4.160.222])
	by hub.freebsd.org (Postfix) with ESMTP id 0AFD237B40F
	for <freebsd-questions@FreeBSD.ORG>; Fri, 21 Sep 2001 19:53:01 -0700 (PDT)
Received: from c4-pta-72.dial-up.net (c4-pta-72.dial-up.net [196.26.210.72])
	by mercury.is.co.za (Postfix) with ESMTP
	id 067CA3EDB; Sat, 22 Sep 2001 04:52:57 +0200 (SAST)
Date: Sat, 22 Sep 2001 04:55:13 +0200 (SAST)
From: The Psychotic Viper <psyv@sec-it.net>
X-X-Sender:  <psyv@lucifer.fuzion.ath.cx>
To: Chip <chip@wiegand.org>
Cc: <freebsd-questions@FreeBSD.ORG>
Subject: Re: security and firewall
In-Reply-To: <01092117533704.84922@chip.wiegand.org>
Message-ID: <20010922044111.B39981-100000@lucifer.fuzion.ath.cx>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Hi,

On Fri, 21 Sep 2001, Chip wrote:
> I have a fbsd 4.0 box running nothing but natd/ipfw, and it appears to be
> fairly secure - I ran nmap against it from another fbsd box outside my
> network and it shows only the sunrpc port 111 open. I have added to my ipfw
> rules a rule that explicity denies port 111. I have also disabled inetd and
> yet get the following udp ports showing as open -  111, 514, 520.
ok firstly do you need 111 open? If not close it down via
portmap_enable="NO" in /etc/rc.conf , and syslogd_flags="-ss" in the same
file closes 514. Dont know off hand what would be using 520 but lsof or
sockstat should tell you and then trace it down and stop it if needed.

> Now my question - Just what can I do to tighten my security? To make sure my
> machine isn't used as a relay, or just general protection? Is there some web
> pages that cover this basic security stuff someone can point me to?
Try these as they are good starting points,
old faithful man security ;
http://www.daemonnews.org/200108/security_overview.html
http://www.daemonnews.org/200108/security-howto.html
http://www.daemonnews.org/200102/armoring.html
http://www.freebsd.org/~jkb/howto.html
http://www.schlacter.dyndns.org/public/FreeBSD-STABLE_and_IPFILTER.html

HTH
PsyV




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message