The FreeBSD Diary

The FreeBSD Diary (TM)

Providing practical examples since 1998

If you buy from Amazon USA, please support us by using this link.
[ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH | FEEDBACK | FAQ | FORUMS ]
improving security * 11 August 1998
Share
Need more help on this topic? Click here
This article has no comments
Show me similar articles
This topic is incomplete.
11 August 1998
I decided it was time to improve the security on my system.  I used http://www.freebsd.org/~jkb/howto.html as the starting point.  Please read that resource in conjunction with what I have done below.

in /etc/rc.conf, I set inetd_flags="-l -R 1024"

Next, in /etc/inet.conf,  I did:

telnet  stream  tcp  nowait  root   /usr/libexec/telnetd    telnetd -h -U

ftp.* /var/log/ftpd was added to /etc/syslog.conf

I remembered to "touch /var/log/ftpd" because syslogd can't write to a file which isn't created first.

added an entry to /etc/newsyslog.conf to ensure the log is properly rotated.

I disabled telnet, shell, login, ntalk, and comsat in /etc/inet.conf

added options IPFIREWALL_VERBOSE #log the net to /usr/src/sys/i386/conf/DANDHCP

OK.  Time to recompile, using the instructions found in the Building and Installing a Custom Kernel section of the FreeBSD handbook.


Share
Need more help on this topic? Click here
This article has no comments
Show me similar articles