Date: Sat, 26 Jul 2003 13:22:31 -0400 From: Matthew Graybosch <matthew@starbreaker.net> To: "Peter Rosa" <prosa@pro.sk> Cc: freebsd-questions@freebsd.org Subject: Re: suid bit files and securing FreeBSD Message-ID: <200307261322.31656.matthew@starbreaker.net> In-Reply-To: <00a201c35398$ed1de680$3501a8c0@pro.sk> References: <00a201c35398$ed1de680$3501a8c0@pro.sk>
next in thread | previous in thread | raw e-mail | index | archive | help
> Second question is: Has anybody an exact wizard, how to secure > the FreeBSD machine. Imagine the situation, the only person who > can do anything on that machine is me, and nobody other. I have > set very restrictive firewalling, I have removed ALL tty's except > two local tty's (I need to work on that machine), but there are > still open port 25 and 53 (must be forever), so someone very > tricky can compromite my machine. > > I'm a little bit paranoic, don't I :-))))))) Uhm, yes, you *are* just a wee bit paranoid. But it helps to be paranoid if you're root on somebody else's machine. Great power and great responsibility, right? But if you're concerned with security uber alles, I'm surprised you didn't look into OpenBSD first. According to their site (openbsd.org), they've had "only one remote hole in the default install, in more than 7 years!" FreeBSD certainly can be secured, but it appears that the developers put performance and reliability first, and then security. Theo de Raadt puts security first. -- Matthew Graybosch http://www.starbreaker.net "I am become root, shatterer of kernels."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200307261322.31656.matthew>