The FreeBSD Diary

The FreeBSD Diary (TM)

Providing practical examples since 1998

If you buy from Amazon USA, please support us by using this link.
[ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH | FEEDBACK | FAQ | FORUMS ]

Things look quiet here. But I've been doing a lot of blogging at dan.langille.org because I prefer WordPress now. Not all my posts there are FreeBSD related. I am in the midst of migrating The FreeBSD Diary over to WordPress (and you can read about that here). Once the migration is completed, I'll move the FreeBSD posts into the new FreeBSD Diary website.

improving security * 11 August 1998
Share
Need more help on this topic? Click here
This article has no comments
Show me similar articles
This topic is incomplete.
11 August 1998
I decided it was time to improve the security on my system.  I used http://www.freebsd.org/~jkb/howto.html as the starting point.  Please read that resource in conjunction with what I have done below.

in /etc/rc.conf, I set inetd_flags="-l -R 1024"

Next, in /etc/inet.conf,  I did:

telnet  stream  tcp  nowait  root   /usr/libexec/telnetd    telnetd -h -U

ftp.* /var/log/ftpd was added to /etc/syslog.conf

I remembered to "touch /var/log/ftpd" because syslogd can't write to a file which isn't created first.

added an entry to /etc/newsyslog.conf to ensure the log is properly rotated.

I disabled telnet, shell, login, ntalk, and comsat in /etc/inet.conf

added options IPFIREWALL_VERBOSE #log the net to /usr/src/sys/i386/conf/DANDHCP

OK.  Time to recompile, using the instructions found in the Building and Installing a Custom Kernel section of the FreeBSD handbook.

Share
Need more help on this topic? Click here
This article has no comments
Show me similar articles