From owner-freebsd-questions@FreeBSD.ORG Sat Dec 6 00:29:02 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A8F26ECE for ; Sat, 6 Dec 2014 00:29:02 +0000 (UTC) Received: from eastrmfepo202.cox.net (eastrmfepo202.cox.net [68.230.241.217]) by mx1.freebsd.org (Postfix) with ESMTP id 55B5AEB6 for ; Sat, 6 Dec 2014 00:29:02 +0000 (UTC) Received: from eastrmimpo109 ([68.230.241.222]) by eastrmfepo202.cox.net (InterMail vM.8.01.05.15 201-2260-151-145-20131218) with ESMTP id <20141206002855.ROFH26047.eastrmfepo202.cox.net@eastrmimpo109> for ; Fri, 5 Dec 2014 19:28:55 -0500 Received: from macbook.local.popelka.us ([72.205.45.227]) by eastrmimpo109 with cox id Q0Uu1p00D4u5WUQ010UumD; Fri, 05 Dec 2014 19:28:54 -0500 X-CT-Class: Clean X-CT-Score: 0.00 X-CT-RefID: str=0001.0A02020A.54824DC6.01E5,ss=1,re=0.001,fgs=0 X-CT-Spam: 0 X-Authority-Analysis: v=2.0 cv=Y70mRGiN c=1 sm=1 a=KPoI11KysOGbLPnGgDkkuA==:17 a=Ihlm5HH3WnQA:10 a=IkcTkHD0fZMA:10 a=kviXuzpPAAAA:8 a=j4nzMFrpAAAA:8 a=M5rjXWIANz-ufuPWrKQA:9 a=QEXdDO2ut3YA:10 a=KPoI11KysOGbLPnGgDkkuA==:117 X-CM-Score: 0.00 Authentication-Results: cox.net; auth=pass (PLAIN) smtp.auth=arickp@cox.net Message-ID: <54824DC6.5090605@cox.net> Date: Fri, 05 Dec 2014 19:28:54 -0500 From: Eric Popelka User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.3.0 MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: Staying safe and sound Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 Dec 2014 00:29:02 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, I'm administering FreeBSD on a public-facing virtual server as a side project/resume builder/etc. My question is: what should I be doing to keep the blackhat hax0rz away? I do some of the obvious (firewalling most inbound traffic with ipfilter, reading the log files daily). I'm still on FreeBSD 10.0, so I'm assuming that I should upgrade the kernel to 10.1. If I do go up to 10.1, is this simple enough on a running system? I don't want to lose whatever drivers/modules/etc. that came with the fresh DVD install of 10.0 (the virtual is running FreeBSD using Xen, if that makes a difference). I assume I should also be doing pkg update; pkg upgrade on a regular basis, too. Anything else I should be doing -- is there another mailing list or RSS feed that notifies you about major vulnerabilities? (Yes, I realize OpenBSD is the choice for those serious about security, but like I said, this is mostly a playground server for personal use. That said, I don't want to become an open relay, have my site defaced, etc.) Thanks, Eric Popelka / arickp@cox.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJUgk3GAAoJEBQPax3MeNrTTeUP/RjuTrzx8NFTEvAdPmM6dB+s kSADEEX3R1bYGpk9BxoH0lIY0N0BE60A1DvtzFvzwN8IdTWODjqcS8wgbxNahCc8 DA5QTpfqfvKwp84h5/kmOj6hL5dCRiMDTVG+yYZSf33FiRwpSzaZ7ca9UwyZ3UMX RflVyKF0eBiMtxmvGq+Ydjg53m3rCh7J4g2Ci0Zx1stT8OVxZXYrPFtC2ZVB7FZ+ wsehMkP+IPXvM3JPn0t7EEJF8vvcLrq4xdIS/kBtbyk+WtMRXXmN2ThLZq8MmuLf lsBHDsK5zxPtnq48LdVz49cBgX5PF5NPF6+UFx9vinHmOTKFqIJBOwe+9Tl3v/Tc gC/Zbw0ko6Pt94sV8yU6TJvV2nX8iRMac2nTobC2SiHDbdtmg+tyh7It/e5jSld4 YWAaNMJsSHOSieBUvN/JvVKWPwRuFDp/eCCsrgmSdKfsi4tx3EzIHfwJBZExBumn q4V2WIZ9rV/w1H0S+Ak7UnWLciu/fvxpnC2fEMpNUgcf5TBDzt+QLhBwWLFGuWDx IaS8LzQC3MPXZTW0qi0S2aAw4U7gGK10nuEeCHlxqxal2+s/BC48CFoIBTtZUUQm nuhgz15gXYntEOOCB+xmFeHTE4Ulht49NYSqYCUomzhLn5tMdoNdf3qWRmfU9xOA 3UlfqU47oVlI+Ren29xM =bg/Z -----END PGP SIGNATURE-----