Message-ID: <94136a2c0802200802r790ea5b1ye6f1a331b15ed6f4@mail.gmail.com>
Date: Wed, 20 Feb 2008 17:02:22 +0100
From: "Zbigniew Szalbot"
To: freebsd-questions
Subject: security of a new installation / steps to take
List-Id: User questions

Dear all,

In a matter of weeks we will be moving our office "server" replacing it with a dedicated server machine functioning at an ISP's location. I have spoken to them and they use Fedora so they won't be able to help me much (besides we're not really prepared to pay them for administrative work). Obviously, I want to keep using FreeBSD so they promised to set up a basic installation so that I can remotely connect to the server, configure it, install userland, etc.

So far I have had FreeBSD systems only in office so I used my hardware firewall (Dlink DFL 700) to block access to services on ports 22, etc. Now, at the ISP I won't be able to do this so I will need to be a lot more careful about security issues.

I am planning to make a list of steps I need to take to configure the OS to my liking and install applications I need. However, I would really, really love to have some advice from you re the basic steps. For example, I guess I will need to make friends with pf firewall (I did use it but not extensively due to the hardware router in place). I will need to disallow direct (3306) access to mysql database (again pf thing?) and the like.

In any case, many thanks for your hints, tips, links to get started (I actually plan to use an old box in office to test-install everything and only then do the same remotely). I have been using FreeBSD for 1,5 year but I know how little I know so I'm ready to learn.

Thanks for FreeBSD and your help!

--
Zbigniew Szalbot