how would i secure freebsd

Dark Atheist

OSNN Veteran Addict
Political Access
Joined
8 Apr 2003
Messages
6,376
all of the guides i used to use are extremely out dated, the server will be running ftp and web, shh also but this will be blocked at the router, can anyone offer me a few sites i could look at?

Thanks
 

LordOfLA

Godlike!
Joined
2 Feb 2004
Messages
7,026
FreeBSD is pretty secure OOB much more so than the popular Centos/Fedora/Suse anyway.

Make sure that /etc/ssh/sshd_config is set for protocol 2, no root login, not empty passwords.

You can be super secure with regards root access by installing sudo and configuring trusted users to sudo to root, remove the password on the root account and setting all the TTY's to secure ( I think that disables console root access as well)

Don't run services you don't need. (FreeBSD runs only ssh and sendmail OOB) disable sendmail from starting by putting sendmail_enable=NONE in /etc/rc.conf.

Figure out how to configure pf :)
 

X-Istence

*
Political Access
Joined
5 Dec 2001
Messages
6,498
For a really secure FTP server, use vsftpd, and for web take your pick, i'd personally suggest lighttpd, while it may take a bit longer to get it configured if you are used to Apache (or use a lot of software that requires Apache) it in general scales better and uses less resources.
 

LordOfLA

Godlike!
Joined
2 Feb 2004
Messages
7,026
dr_death_uae has the best advice :) keep a note of the permissions and flag changes though else updating freebsd builds/versions will fail and break your system.

Make the permissions/flag changes before setting kern_securelevel.
 

Dark Atheist

OSNN Veteran Addict
Political Access
Joined
8 Apr 2003
Messages
6,376
ok one other thing could using the wrong fdisk command wipe mount points? if so any idea on how to get them back ?
 

Members online

No members online now.

Latest profile posts

Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
Any of the SP crew still out there?
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.

Forum statistics

Threads
62,013
Messages
673,480
Members
5,607
Latest member
endryshall