Date: Wed, 15 Sep 1999 14:11:19 -0700 (PDT)
From: "Eric J. Schwertfeger" <ejs@bfd.com>
To: Ken McGlothlen <mcglk@serv.net>
Cc: questions@FreeBSD.ORG
Subject: Re: A brief tutorial on closing the barn doors?
Message-ID: <Pine.BSF.4.05.9909151401330.15395-100000@harlie.bfd.com>
In-Reply-To: <87g10f29rl.fsf_-_@ralf.serv.net>

On 15 Sep 1999, Ken McGlothlen wrote:

> As time goes on, my general laissez-faire attitude toward system security in the
> home is gradually changing.  In the face of 24/7 net connections, I'm beginning
> to think that the free Uni distributions should default to "nothing open."

Actually, FreeBSD doesn't come that open.  Just basic functionality.

	port	where to turn off
	ftp	inetd
	telnet	inetd
	shell	inetd
	login	inetd
	finger	inetd
	comsat	inetd
	ntalk	inetd
	sunrpc	rc.conf
	smtp	rc.conf

Usually, I turn off shell, login, comsat, ntalk, and sunrpc.

> So where do I start?  I have a FreeBSD box hanging off a DSL connection.  Where
> do I look for information on how to start locking the doors?

I'd say the first step is to determine exactly what is open.

	netstat -a | grep LISTEN
	netstat -a | grep ^udp

These will list ports that can be connected to.  From there, it's a matter
of 1) commenting lines out of /etc/inetd.conf, 2) stopping unneeded daemons
from starting, and 3) firewalling those services that you only want to use
to talk to yourself with.

Actually, for #3, I usually deny everything below port 1024, and
explicitly allow those services that I want to be available to everyone.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
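
Added example, not part of the original message: a small sh/awk script that joins the two netstat listings above with the uncommented lines of an inetd.conf-format file, so each open port is reported with where it is served from. The sample data, the function names and the "daemon" / "usually-off" labels are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample data (not from a real host), laid out like
# /etc/inetd.conf and like `netstat -a` output with service names.
SAMPLE_INETD='ftp     stream  tcp  nowait  root     /usr/libexec/ftpd     ftpd -l
telnet  stream  tcp  nowait  root     /usr/libexec/telnetd  telnetd
#shell  stream  tcp  nowait  root     /usr/libexec/rshd     rshd
login   stream  tcp  nowait  root     /usr/libexec/rlogind  rlogind
finger  stream  tcp  nowait  nobody   /usr/libexec/fingerd  fingerd -s
#comsat dgram   udp  wait    tty:tty  /usr/libexec/comsat   comsat
ntalk   dgram   udp  wait    tty:tty  /usr/libexec/ntalkd   ntalkd'
SAMPLE_NETSTAT='Proto Recv-Q Send-Q  Local Address    Foreign Address  (state)
tcp        0      0  *.ftp            *.*              LISTEN
tcp        0      0  *.telnet         *.*              LISTEN
tcp        0      0  *.login          *.*              LISTEN
tcp        0      0  *.finger         *.*              LISTEN
tcp        0      0  *.smtp           *.*              LISTEN
tcp        0      0  *.sunrpc         *.*              LISTEN
tcp        0     20  10.0.0.5.telnet  10.0.0.9.1027    ESTABLISHED
udp        0      0  *.ntalk          *.*
udp        0      0  *.sunrpc         *.*'

# Print service/proto for every uncommented inetd.conf entry on stdin.
inetd_enabled() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 "/" $3 }'
}

# Print service/proto for listening TCP sockets and all UDP sockets on stdin,
# the same lines the two netstat | grep commands in the message select.
open_ports() {
    awk '($1 ~ /^tcp/ && $NF == "LISTEN") || $1 ~ /^udp/ {
        p = $4; sub(/^.*\./, "", p); print p "/" substr($1, 1, 3) }'
}

# $1 = inetd.conf text, $2 = netstat -a text. One line per open port:
# "inetd.conf" if an enabled inetd entry serves it, otherwise "daemon"
# (started elsewhere; the message lists rc.conf for sunrpc and smtp).
# "usually-off" marks the five services the message says it turns off.
where_to_turn_off() {
    enabled=$(printf '%s\n' "$1" | inetd_enabled)
    printf '%s\n' "$2" | open_ports | LC_ALL=C sort -u | while read -r port; do
        where=daemon
        printf '%s\n' "$enabled" | grep -qxF "$port" && where=inetd.conf
        case ${port%/*} in
            shell|login|comsat|ntalk|sunrpc) echo "$port $where usually-off" ;;
            *) echo "$port $where" ;;
        esac
    done
}

# Live use: where_to_turn_off "$(cat /etc/inetd.conf)" "$(netstat -a)"
where_to_turn_off "$SAMPLE_INETD" "$SAMPLE_NETSTAT"
```

Ports shown numerically (netstat -an) will not match inetd.conf service names, so run netstat with name resolution for this comparison.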