From owner-freebsd-security Sun Mar 10 17:20:36 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id RAA06614 for security-outgoing; Sun, 10 Mar 1996 17:20:36 -0800 (PST) Received: from iceonline.com (root@ns.iceonline.com [204.191.208.3]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id RAA06607 for ; Sun, 10 Mar 1996 17:20:33 -0800 (PST) Received: from edmbbs.iceonline.com by iceonline.com with uucp (Smail3.1.29.1 #1) id m0tvw9p-001Z7sC; Sun, 10 Mar 96 17:12 PST Received: by edmbbs.iceonline.com (UUPM-1.51) id D6300AZ Sun, Mar 10, 1996 17:04:27 EST From: sreid@edmbbs.iceonline.com Message-Id: <9603101704.D6300AZ@edmbbs.iceonline.com> X-Mailer: UUPlus Mail 1.51 To: security@freebsd.org Subject: How secure is FreeBSD 2.1 right after install? Organization: EDMBBS Marketing Date: Sun, 10 Mar 96 17:04:26 EST Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Is there anything I need to do to secure my system after a fresh install >from the Walnut Creek CD? I've already disabled the r*, finger and telnet services in inetd.conf. I don't expect I'll need them. Is there anything else I need to worry about? Our local ethernet will start with two FreeBSD machines and a Cisco router, connected to the internet. One of the FreeBSD machines will be a web server (probably running Apache) and the other will be for web page development under X Windows. I'm concerned that X might be a potential security hole, since it uses TCP port 6000 to accept connections from clients... Can I close off remote access to the X server without having to install a firewall? I won't need to access the X server from the LAN. Can X be set to ignore the TCP port? I'm interested in anything that might be a security problem.