From owner-freebsd-security@FreeBSD.ORG Mon Mar 1 09:15:31 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D6E2016A4CE for ; Mon, 1 Mar 2004 09:15:31 -0800 (PST) Received: from ns1.tiadon.com (SMTP.tiadon.com [69.27.132.161]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8B48643D39 for ; Mon, 1 Mar 2004 09:15:31 -0800 (PST) (envelope-from kdk@daleco.biz) Received: from daleco.biz ([69.27.131.0]) by ns1.tiadon.com with Microsoft SMTPSVC(6.0.3790.0); Mon, 1 Mar 2004 11:15:50 -0600 Message-ID: <40436FB0.8040600@daleco.biz> Date: Mon, 01 Mar 2004 11:15:28 -0600 From: "Kevin D. Kinsey, DaleCo, S.P." User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6) Gecko/20040212 X-Accept-Language: en-us, en MIME-Version: 1.0 To: bookman@oteglobe.net References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-7; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 01 Mar 2004 17:15:50.0968 (UTC) FILETIME=[D8981B80:01C3FFB0] cc: freebsd-security@freebsd.org Subject: Re: General Security Issues X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Mar 2004 17:15:31 -0000 Konstantinos Fotiadis wrote: >Greetings list, > >As a newbie to security I would like to ask any recommendation that the list >might have. >We are about to "install" a new box with 4.9 stable to the nice and innocent >internet world. :-P >The box has no services running expect apache and we telnet to it via SSH. > > So you've disabled sendmail and inetd.conf? >Main function of this box will be graphing various interfaces via rrdtool. >So, I would like to ask if there is any other precautions that I must take >in order to sleep safe at night. Should I check for any other opened ports ? > > Good idea, always ... from inside (netstat) and outside (port scanner, like nmap).... >Should I do something with the kernel to be more secure ? > > A firewall is often considered a must. >I know this ain't so easy, but let's say my main scope is to get a least a >decent sleep :-) > >Kind Regards, > >Kostas > > > > I imagine this list would prefer that you send your questions to the questions@ list. I can't remember the list charter enough to know exactly *why* at the moment ... so I've made a comment or two. I imagine that if you can find no open ports, and stay on top of any changes to Apache and OpenSSH, you should have few worries --- except for the scripts that run on the webserver...which is a whole different topic, as I see it.... :-( Kevin Kinsey DaleCo, S.P.