From owner-freebsd-questions@FreeBSD.ORG Thu Nov 17 13:44:05 2005
From: "Steve Bertrand"
To: "'Mark Kane'"
Cc: freebsd-questions@freebsd.org
Date: Thu, 17 Nov 2005 08:44:02 -0500
Subject: RE: Need urgent help regarding security
In-Reply-To: <437C1033.2030306@mkproductions.org>
Message-Id: <20051117134404.426AE43D53@mx1.FreeBSD.org>
List-Id: User questions <freebsd-questions@freebsd.org>

[...]
> > You can easily rebuild a new kernel with:
> >
> > options IPFIREWALL
> > options IPFIREWALL_VERBOSE
> > options IPFIREWALL_VERBOSE_LIMIT_1000
> >
> > Then create a script blocking ALL ports except those that you need.
> > Especially only allowing SSH access to the box from limited IPs. If
> > you need help, just ask.
>
> Thanks for the suggestion. I personally have no experience with IPFW (I
> have played with IPF a little bit on a test box here) so I will have to
> think on that a little. I am guessing you suggest IPFW as opposed to IPF,
> correct? I read up on IPFW and IPF in the handbook when I was
> experimenting with firewalls, and the rule syntax and things seemed more
> logical to me with IPF, but I did not look that far in depth.

I only recommend IPFW because that is what I am familiar with. I don't want to start a flame war, as I've been told by others that IPF is just as good. If you are experienced with IPF and understand the syntax of its rules, by all means, go for it.

> My servers are also remote so I would have to make sure I didn't
> firewall myself out when enabling any firewall. ;)

Yes, that is always a concern. I've been there/done that before on more than one occasion. There are scripts that can 'reset' to a previous config if this does happen though (I learned the hard way ;)

> > Have you checked your daily cron outputs lately? What do they say?
>
> All I see is legit cronjobs from a billing system that I run and some
> from cPanel such as cpumonitor and backups.

Sorry, I meant the security run outputs that get sent at around 0300 every day.

Steve
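The thread recommends two things without showing them: a default-deny IPFW ruleset that only admits SSH from a limited set of addresses, and some way to get back in if a rule locks the remote admin out. The script below is an added example and is not code from the thread or from any of its participants. It assumes a kernel built with `options IPFIREWALL` (and `IPFIREWALL_VERBOSE` for the `log` keyword), a public interface named `em0`, and an admin network of `203.0.113.0/24`; all three are placeholders to replace, and the guard timer of 300 seconds is an arbitrary choice.

```shell
#!/bin/sh
# Added example (not from the thread): default-deny IPFW ruleset for a remote
# FreeBSD host, with a lockout guard. Assumes options IPFIREWALL in the kernel.
# IFACE, ADMIN_NET and GUARD_SECONDS are placeholders you must set yourself.

IFACE="${IFACE:-em0}"                      # assumed public interface name
ADMIN_NET="${ADMIN_NET:-203.0.113.0/24}"   # constructed admin range (TEST-NET-3)
GUARD_SECONDS="${GUARD_SECONDS:-300}"      # guard delay before the firewall is disabled

# Emit the ruleset as ipfw commands. Generating is kept separate from applying
# so the rules can be reviewed (or checked by a script) before touching the kernel.
# The SSH pair (300/310) is stateless on purpose: a flush also drops dynamic
# state, so a keep-state SSH rule would cut the very session doing the work.
gen_rules() {
    cat <<EOF
ipfw -q flush
ipfw -q add 00100 allow ip from any to any via lo0
ipfw -q add 00200 deny ip from any to 127.0.0.0/8
ipfw -q add 00300 allow tcp from ${ADMIN_NET} to me 22 in via ${IFACE}
ipfw -q add 00310 allow tcp from me 22 to ${ADMIN_NET} out via ${IFACE}
ipfw -q add 00400 check-state
ipfw -q add 00500 allow tcp from me to any out via ${IFACE} setup keep-state
ipfw -q add 00600 allow udp from me to any 53 out via ${IFACE} keep-state
ipfw -q add 00700 allow icmp from any to any icmptypes 0,3,8,11
ipfw -q add 65000 deny log ip from any to any
EOF
}

# Number of "add" rules in the generated set (quick sanity count).
rule_count() {
    gen_rules | grep -c '^ipfw -q add '
}

# Refuse a ruleset whose SSH rule is open to the whole Internet; the thread's
# advice is SSH from limited IPs only.
ssh_restricted() {
    if gen_rules | grep -q 'allow tcp from any to me 22'; then
        return 1
    fi
    gen_rules | grep -q "allow tcp from ${ADMIN_NET} to me 22"
}

# Lockout guard: background timer that turns the firewall off unless the admin
# kills it after confirming that a fresh SSH login still works.
arm_guard() {
    ( sleep "$GUARD_SECONDS" && ipfw disable firewall ) &
    echo $!
}

apply_rules() {
    ssh_restricted || { echo "refusing: SSH rule not limited to ${ADMIN_NET}" >&2; return 1; }
    guard_pid=$(arm_guard)
    gen_rules | sh
    ipfw enable firewall
    echo "Rules applied. If you can still log in, cancel the guard with: kill ${guard_pid}"
}

# Only apply when explicitly asked; by default just print the rules for review.
case "${1:-}" in
    apply) apply_rules ;;
    *)     gen_rules ;;
esac
```

Run it without arguments to print and review the rules; run `sh ipfw-guard.sh apply` from the console, or under `nohup` over SSH so the flush cannot kill the script half-way. If the new rules do lock you out, the guard disables the packet filter after the timer expires and you can log back in and correct the rule; if they work, kill the guard PID the script prints. With `IPFIREWALL_VERBOSE_LIMIT_1000` the final `deny log` rule stops logging after 1000 matches per rule, so check `ipfw -a list` counters rather than relying on the log alone.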