Date: Sun, 10 Jul 2005 19:32:19 -0400
From: "Joe Wood" <dot.sn1tch@gmail.com>
To: <freebsd-questions@freebsd.org>
Subject: Suspicious activity to look for...
Message-ID: <42d1adb2.39fb551a.7965.6d1d@mx.gmail.com>
I have a FreeBSD 5.4 system set up, and I have read numerous articles on securing it. For the first few months prior to setting up this system I read a lot about the little tweaks using sysctl and the like. Now everything is running good, but I want to know what to look for in case I am missing something.

I very meticulously read all the system logs that get emailed to root, and I read all the auth, console logs, etc. Except for the occasional attempt to gain access with random usernames, there is nothing I see to be worried about. This system is in a very secure DMZ, so even if it was compromised there is no way it could leak over to the local network.

Here are some of the variables in sysctl.conf:

kern.ipc.somaxconn=8192
security.bsd.see_other_uids=0
net.inet.tcp.sendspace=32768
net.inet.tcp.recvspace=32768
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.ip.random_id=1
net.inet.icmp.icmplim=50
net.inet.icmp.drop_redirect=1

auth.conf and login.conf use blf as the crypt instead of md5.

This system is used for public use, mainly shell accounts and ftp space for people I know. I know the risk is greater when I introduce public users into the mix. Is there anything I can look for, or something I have overlooked, as far as checking for suspicious activity?

Thanks for the help!

p.s. Sorry for the long email, just trying to be thorough.
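A defender-side script for the two things the mail touches on (checking that the live kernel still matches the sysctl.conf baseline quoted above, and turning the "random usernames" noise in auth.log into per-source counts), added here as an example and not part of the original mail. It assumes sshd-style auth.log lines and uses a constructed sample log; `sysctl -a` output is read from stdin so the check can also be run against a saved copy.

```shell
#!/bin/sh
# Added example, not from the original post. The baseline below is the
# sysctl.conf list quoted in the mail; the auth.log sample is constructed
# and the sshd-style log format is an assumption.

BASELINE='kern.ipc.somaxconn=8192 security.bsd.see_other_uids=0
net.inet.tcp.sendspace=32768 net.inet.tcp.recvspace=32768
net.inet.tcp.blackhole=2 net.inet.udp.blackhole=1 net.inet.ip.random_id=1
net.inet.icmp.icmplim=50 net.inet.icmp.drop_redirect=1'

# check_sysctl: read `sysctl -a` output on stdin ("key: value" on FreeBSD,
# "key = value" on Linux), print one DRIFT line per baseline key whose live
# value differs or is absent, and return 1 if any drift was found.
check_sysctl() {
    sed -e 's/: /=/' -e 's/ = /=/' |
    awk -v list="$(printf '%s' "$BASELINE" | tr '\n' ' ')" '
        BEGIN { bad = 0; n = split(list, item, " ")
                for (i = 1; i <= n; i++) { split(item[i], kv, "="); want[kv[1]] = kv[2] } }
        { split($0, kv, "="); if (kv[1] in want) have[kv[1]] = kv[2] }
        END { for (k in want)
                  if (!(k in have) || have[k] != want[k]) {
                      printf "DRIFT %s expected=%s live=%s\n", k, want[k],
                             (k in have ? have[k] : "missing")
                      bad = 1 }
              exit bad }'
}

# failed_logins [min]: read auth.log lines on stdin, count failed or invalid
# login attempts per source address and print "count address", noisiest
# first, for every address with at least `min` (default 1) failures.
failed_logins() {
    awk -v min="${1:-1}" '
        /Invalid user|Failed password|authentication error/ {
            for (i = 1; i < NF; i++) if ($i == "from") { n[$(i + 1)]++; break } }
        END { for (a in n) if (n[a] >= min) print n[a], a }' | sort -rn
}

# Constructed sample: three failures from one address, one from a known user.
SAMPLE_AUTH_LOG='Jul 10 18:01:02 shell sshd[1201]: Invalid user admin from 192.0.2.10
Jul 10 18:01:05 shell sshd[1203]: Invalid user oracle from 192.0.2.10
Jul 10 18:01:09 shell sshd[1205]: Failed password for invalid user test from 192.0.2.10 port 51022 ssh2
Jul 10 18:02:00 shell sshd[1210]: Accepted publickey for joe from 198.51.100.7 port 40010 ssh2
Jul 10 18:03:11 shell sshd[1212]: Failed password for joe from 198.51.100.7 port 40011 ssh2'

# On a live box: `sysctl -a | check_sysctl` and `failed_logins 5 < /var/log/auth.log`.
# Only the constructed sample is used below so the script runs anywhere.
printf '%s\n' "$SAMPLE_AUTH_LOG" | failed_logins 2
```

A non-zero exit from check_sysctl in a nightly cron job is the cheapest early warning that something (or someone) has changed the kernel tunables since boot.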