From owner-freebsd-questions Mon Feb 19 12: 1:28 2001 Delivered-To: freebsd-questions@freebsd.org Received: from gekko.i-clue.de (server.ms-agentur.de [62.153.134.194]) by hub.freebsd.org (Postfix) with ESMTP id ECA2D37B4EC for ; Mon, 19 Feb 2001 12:01:22 -0800 (PST) Received: from i-clue.de (automatix.i-clue.de [192.168.0.112]) by gekko.i-clue.de (8.9.3/8.9.3/SuSE Linux 8.9.3-0.1) with ESMTP id WAA08417; Mon, 19 Feb 2001 22:07:09 +0100 Message-ID: <3A917BDB.E085A489@i-clue.de> Date: Mon, 19 Feb 2001 21:02:35 +0100 From: Christoph Sold Reply-To: so@server.i-clue.de X-Mailer: Mozilla 4.75 [de] (WinNT; U) X-Accept-Language: de MIME-Version: 1.0 To: Phelip Cray Cc: freebsd-questions@FreeBSD.ORG Subject: Re: lock file-system References: <20010219191051.91807.qmail@web12407.mail.yahoo.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Raising kern.securelevel along with chflags schg on critical files will help, too. HTH -Christoph Sold Phelip Cray schrieb: > > Hello everyone, > > I am installing a server that will do mail ( exim / > gpop3d ) and webmail - apache + a few scripts. > > this server will stay behind a firewall ( watchguard ) > and off course will have its own IPF activated. > > My questions is simple: > > 1 - I intend to block (IPF) everything except 25,110, > 80 and ssh. Is there anything else I should do? > > 2 - I am considering using chflags on the file system > to make it read-only - if you were in my shoes, what > parts of the system would you turn ead only? > > 3 - Are there other secrity measures that can be taken > besides the ones above? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message