From owner-freebsd-questions@FreeBSD.ORG Tue Feb 7 14:22:03 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B08B710656DE for ; Tue, 7 Feb 2012 14:22:03 +0000 (UTC) (envelope-from ml@my.gd) Received: from mail-bk0-f54.google.com (mail-bk0-f54.google.com [209.85.214.54]) by mx1.freebsd.org (Postfix) with ESMTP id 41D778FC19 for ; Tue, 7 Feb 2012 14:22:02 +0000 (UTC) Received: by bkbzx1 with SMTP id zx1so7713463bkb.13 for ; Tue, 07 Feb 2012 06:22:02 -0800 (PST) Received: by 10.204.156.207 with SMTP id y15mr10742005bkw.83.1328624521873; Tue, 07 Feb 2012 06:22:01 -0800 (PST) Received: from dfleuriot-at-hi-media.com ([83.167.62.196]) by mx.google.com with ESMTPS id bw9sm56216091bkb.8.2012.02.07.06.21.59 (version=SSLv3 cipher=OTHER); Tue, 07 Feb 2012 06:22:00 -0800 (PST) Message-ID: <4F313386.9000506@my.gd> Date: Tue, 07 Feb 2012 15:21:58 +0100 From: Damien Fleuriot User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0) Gecko/20120129 Thunderbird/10.0 MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <4F31272D.7040905@gmail.com> In-Reply-To: <4F31272D.7040905@gmail.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: on hammer's, security, and centrifuges... X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Feb 2012 14:22:03 -0000 On 2/7/12 2:29 PM, Steve Bertrand wrote: > On 2012.02.07 07:03, Henry Olyer wrote: > >> Look, I'm going to use FreeBSD as long as both it and I am around, it's >> just the best choice for me, for my user's. But we need to improve >> security. > > I'm very happy with the security and stability of FreeBSD, and praise > the sec team and contributors to make it so. > > I've run literally hundreds of FreeBSD boxes, mostly in a busy ISP > environment since 4.3, and never have been hacked after normal system > protections are in place. > >> For now, until I remake my laptop, I'm going to disable the ath0 >> wireless. >> >> How? What's the best method to make certain that my wireless chip is >> turned off? > > Comment out the configuration lines for the ath interface in rc.conf, or > to remove it completely, recompile the kernel after removing 'device ath'. > Also, make sure to NOT build the kernel module for ath...