The FreeBSD Diary
Providing practical examples since 1998If you buy from Amazon USA, please support us by using this link.
improving security * 11 August 1998
|This topic is incomplete.|
11 August 1998
|I decided it was time to improve the security on my system. I used http://www.freebsd.org/~jkb/howto.html
as the starting point. Please read that resource in conjunction with what I have
in /etc/rc.conf, I set inetd_flags="-l -R 1024"
Next, in /etc/inet.conf, I did:
telnet stream tcp nowait root /usr/libexec/telnetd telnetd -h -U
ftp.* /var/log/ftpd was added to /etc/syslog.conf
I remembered to "touch /var/log/ftpd" because syslogd can't write to a file which isn't created first.
added an entry to /etc/newsyslog.conf to ensure the log is properly rotated.
I disabled telnet, shell, login, ntalk, and comsat in /etc/inet.conf
added options IPFIREWALL_VERBOSE #log the net to /usr/src/sys/i386/conf/DANDHCP