Date: Mon, 10 Dec 2001 17:53:41 -0800 (PST) From: "f.johan.beisser" <jan@caustic.org> To: Bill Schoolcraft <bill@wiliweld.com> Cc: Noah Dunker <ndunker@jccc.net>, <freebsd-questions@FreeBSD.ORG> Subject: RE: openbsd Message-ID: <20011210174925.P16958-100000@localhost> In-Reply-To: <Pine.LNX.4.33.0112101351290.3892-100000@localhost.localdomain>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 10 Dec 2001, Bill Schoolcraft wrote: > Now, correct me here when needed. Back when I started using (not > hacking) FreeBSD the version was 3.4 and it was a "slam_dunk" that > OpenBSD was the secure way to go. i still regard that as being true, even in our FreeBSD 4.4 times. > I bring this question up at the *BSD meetings I go to here in the > San Francisco Bay Area and seeing we are up to 4.4 (I've stayed at > 4.2) the consensus I've been listening to is that some minor > adjustments would secure your FreeBSD box as well as your OpenBSD > box. Could you comment on this ? well, the idea is that openbsd is secured out of the box. you don't have to do these adjustments to it, since they should already be done. when i'm locking down my FreeBSD machine, the first thing i do is shut off inetd. since i don't use it, there's no reason i need it. the next 3 things are only somewhat nessassary, but i do them anyway: recompile the kernel to use firewalling, up the maxusers and then, finally, install extra packages. the packages i tend to install are: sudo, cvsup, and bash. i still think freebsd has a little ways to go to be "up to par" with openbsd's default "secure" install. -------/ f. johan beisser /--------------------------------------+ http://caustic.org/~jan jan@caustic.org "John Ashcroft is really just the reanimated corpse of J. Edgar Hoover." -- Tim Triche To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011210174925.P16958-100000>