From owner-freebsd-questions  Tue Oct 13 10:16:50 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id KAA18675
          for freebsd-questions-outgoing; Tue, 13 Oct 1998 10:16:50 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from scientia.demon.co.uk (scientia.demon.co.uk [212.228.14.13])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA18669
          for <freebsd-questions@freebsd.org>; Tue, 13 Oct 1998 10:16:42 -0700 (PDT)
          (envelope-from ben@scientia.demon.co.uk)
Received: from ben by scientia.demon.co.uk with local (Exim 2.05 #3)
	id 0zT7wN-0003RW-00; Tue, 13 Oct 1998 18:08:55 +0100
Date: Tue, 13 Oct 1998 18:08:55 +0100
From: Ben Smithurst <ben@scientia.demon.co.uk>
To: Chan <bsd@capgemini.com.sg>
Cc: "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG>
Subject: Re: security
Message-ID: <19981013180855.D945@scientia.demon.co.uk>
References: <36234779.50CEBB96@capgemini.com.sg>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <36234779.50CEBB96@capgemini.com.sg>
User-Agent: Mutt/0.94.11i (FreeBSD 3.0-BETA i386)
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Chan wrote:

> I wonder if it's safe to put a FreeBSD on the internet?

uh, I think so. wcarchive.cdrom.com runs FreeBSD. As do I of course,
though my machine is not permanently connected, so the only intruders
I get are morons trying to post shit through my news server. ipfw and
nnrp.access are your friend there. (I prefer ipfw, saves a DNS lookup
and starting an nnrpd process for each fuckwit spammer.)

> Do I need to tighten any things on it? Can I change root to some
> other names?

By default, root cannot login remotely. You'll have to login as yourself,
and use su to become root (you must be in group wheel to su to root).

I can't see a reason why uid 0 _must_ be called root, though I wouldn't
be surprised if lots of things expect it, so I wouldn't change it.

> If I disable telnet, can intruders still execute commands by telneting
> to other ports?

No. Well, I'd hope not. (they should try and get in via ssh if you have
sshd running, but that is not installed by default. And choose a password
that's hard to guess, of course.)

> compare to NT, which is more secure?

I don't think I need to answer that question, I think you know the
answer perfectly well yourself.

-- 
Ben Smithurst                                          ben@scientia.demon.co.uk

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message