The FreeBSD Diary

The FreeBSD Diary (TM)

Providing practical examples since 1998

If you buy from Amazon USA, please support us by using this link.
[ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH | FEEDBACK | FAQ | FORUMS ]
improving security * 11 August 1998
Need more help on this topic? Click here
This article has no comments
Show me similar articles
This topic is incomplete.
11 August 1998
I decided it was time to improve the security on my system.  I used http://www.freebsd.org/~jkb/howto.html as the starting point.  Please read that resource in conjunction with what I have done below.

in /etc/rc.conf, I set inetd_flags="-l -R 1024"

Next, in /etc/inet.conf,  I did:

telnet  stream  tcp  nowait  root   /usr/libexec/telnetd    telnetd -h -U

ftp.* /var/log/ftpd was added to /etc/syslog.conf

I remembered to "touch /var/log/ftpd" because syslogd can't write to a file which isn't created first.

added an entry to /etc/newsyslog.conf to ensure the log is properly rotated.

I disabled telnet, shell, login, ntalk, and comsat in /etc/inet.conf

added options IPFIREWALL_VERBOSE #log the net to /usr/src/sys/i386/conf/DANDHCP

OK.  Time to recompile, using the instructions found in the Building and Installing a Custom Kernel section of the FreeBSD handbook.

Need more help on this topic? Click here
This article has no comments
Show me similar articles
Servers and bandwidth provided by New York Internet, SuperNews, and RootBSD. Valid HTML, CSS , and RSS
Copyright © 1997-2016 Dan Langille
All rights reserved