Date: Mon, 01 Mar 2004 11:15:28 -0600 From: "Kevin D. Kinsey, DaleCo, S.P." <kdk@daleco.biz> To: bookman@oteglobe.net Cc: freebsd-security@freebsd.org Subject: Re: General Security Issues Message-ID: <40436FB0.8040600@daleco.biz> In-Reply-To: <DNENIGNODKCOJCLIAEICGEMDDHAA.bookman@oteglobe.net> References: <DNENIGNODKCOJCLIAEICGEMDDHAA.bookman@oteglobe.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Konstantinos Fotiadis wrote: >Greetings list, > >As a newbie to security I would like to ask any recommendation that the list >might have. >We are about to "install" a new box with 4.9 stable to the nice and innocent >internet world. :-P >The box has no services running expect apache and we telnet to it via SSH. > > So you've disabled sendmail and inetd.conf? >Main function of this box will be graphing various interfaces via rrdtool. >So, I would like to ask if there is any other precautions that I must take >in order to sleep safe at night. Should I check for any other opened ports ? > > Good idea, always ... from inside (netstat) and outside (port scanner, like nmap<?>).... >Should I do something with the kernel to be more secure ? > > A firewall is often considered a must. >I know this ain't so easy, but let's say my main scope is to get a least a >decent sleep :-) > >Kind Regards, > >Kostas > > > > I imagine this list would prefer that you send your questions to the questions@ list. I can't remember the list charter enough to know exactly *why* at the moment ... so I've made a comment or two. I imagine that if you can find no open ports, and stay on top of any changes to Apache and OpenSSH, you should have few worries --- except for the scripts that run on the webserver...which is a whole different topic, as I see it.... :-( Kevin Kinsey DaleCo, S.P.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?40436FB0.8040600>