From owner-freebsd-questions Tue Aug 28 7:31:35 2001
Message-ID: <20010828143124.34624.qmail@web13304.mail.yahoo.com>
Date: Tue, 28 Aug 2001 16:31:24 +0200 (CEST)
From: m p
Subject: Re: Security !
To: midiostri@in.gr
Cc: questions@freebsd.org

> Hi,
>
> I'm busy securing our LAN and I need to set up a freebsd 4.3 box that will run
> as firewall and protect my vulnerable network from the internet chaos. I also
> think of running NAT there too.
>
> There appear to be quite a lot of hackers and intruders in the wild and I need
> to keep them out of my lan.
>
> I'd appreciate any suggestions or links/references to stuff that can help me
> on this.
>
> Also, are there any scripts that can be run periodically on a computer and
> check if there are changes made to files?
>
> Thanks,
> Dimitri
>

Hi Dimitri,

yes, there are many bad guys outside.

Ok. What you want to have is a firewall system. A firewall consists of
different systems that have a "layered" architecture.

System A will only allow some traffic directed to your network.
System B will only allow "valid" (you define what it is) traffic to the internet.
System C will look at the requests of your users to block some content.
What systems D to Z will do depends on you.

For A and B you can try out ipfw - FreeBSD's own IP firewall.
Or you can try Mr Reed's ipfilter, which is available for many platforms.

There are some links in the archive of the mailing lists. Try a search under:
http://www.freebsd.org/search/search.html#mailinglists

A good tutorial about ipfw was mentioned under:
http://renaud.waldura.com/doc/freebsd/firewall/

Looking at
www.freebsddiary.org
www.daemonnews.org
is a good idea too.

The author of a book about Linux put up a script online which will give you
some rules for ipfw and/or ipfilter to start with:
http://www.linux-firewall-tools.com/linux/firewall/index.html

Or you can read /etc/rc.firewall on your local system to get some ideas about
writing firewall rulesets.

For reading I can recommend:
Building Internet Firewalls from Zwicky and Chapman

The script that will run every night is already in place. It will check some
files (with suid-flag set) for changes. If you want to check every file (and
not only setuid files), take a look at tripwire. It is in the ports.
(cd /usr/ports; make search key=tripwire)

The last point to mention is: Follow the RELENG_4_3 (in your case; the next
release will have RELENG_4_4) cvs-branch. It has all known security bugs fixed.
For that you want to read "Staying stable" in the FreeBSD handbook under:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/current-stable.html

Good luck
Marc
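The reply above points to the nightly setuid check and to tripwire for watching every file. As an added illustration (not FreeBSD's nightly script, not tripwire, and not part of the original message), this sh script records mode, owner and SHA-256 for each file in a tree and later reports what was added, changed or removed; the function names and the init/check subcommands are assumptions of the example.

```shell
#!/bin/sh
# Added example: baseline-and-compare integrity check for a directory tree.
# Limitation: paths containing tabs or newlines are not handled.

# SHA-256 of one file; FreeBSD ships sha256(1), GNU userland sha256sum(1).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d' ' -f1
    else
        sha256 -q "$1"
    fi
}

# Print one "path<TAB>mode:uid:gid<TAB>sha256" line per regular file under $1.
snapshot() {
    find "$1" -type f -print | LC_ALL=C sort | while IFS= read -r f; do
        meta=$(ls -ldn "$f" | awk '{ print $1 ":" $3 ":" $4 }')
        printf '%s\t%s\t%s\n' "$f" "$meta" "$(hash_file "$f")"
    done
}

# Compare two snapshots; print ADDED/CHANGED/REMOVED<TAB>path, sorted.
compare() {
    awk -F'\t' '
        FILENAME == ARGV[1]     { old[$1] = $2 FS $3; next }
        !($1 in old)            { print "ADDED" FS $1; next }
        old[$1] != ($2 FS $3)   { print "CHANGED" FS $1 }
                                { delete old[$1] }
        END { for (p in old) print "REMOVED" FS p }
    ' "$1" "$2" | LC_ALL=C sort
}

# check_tree DIR BASELINE: report differences, return 1 if there are any.
check_tree() {
    cur=$(mktemp "${TMPDIR:-/tmp}/integrity.XXXXXX") || return 2
    snapshot "$1" > "$cur"
    report=$(compare "$2" "$cur")
    rm -f "$cur"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Command line: "init DIR" writes a baseline to stdout,
# "check DIR BASELINE" compares the tree against it.
case "${1:-}" in
    init)  snapshot "$2" ;;
    check) check_tree "$2" "$3" ;;
esac
```

Keep the baseline where the monitored host cannot rewrite it (read-only media or another machine), since a baseline stored next to the files can be updated along with them.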