Chapter 14. Security

Much of this chapter has been taken from the security(7) manual page by Matthew Dillon.
Table of Contents
14.1. Synopsis
14.2. Introduction
14.3. Securing FreeBSD
14.4. DES, MD5, and Crypt
14.5. One-time Passwords
14.6. TCP Wrappers
14.7. KerberosIV
14.8. Kerberos5
14.9. OpenSSL
14.10. VPN over IPsec
14.11. OpenSSH
14.12. File System Access Control Lists
14.13. Monitoring Third Party Security Issues
14.14. FreeBSD Security Advisories
14.15. Process Accounting

14.1. Synopsis

This chapter will provide a basic introduction to system security concepts, some general good rules of thumb, and some advanced topics under FreeBSD. A lot of the topics covered here can be applied to system and Internet security in general as well. The Internet is no longer a "friendly" place in which everyone wants to be your kind neighbor. Securing your system is imperative to protect your data, intellectual property, time, and much more from the hands of hackers and the like.

FreeBSD provides an array of utilities and mechanisms to ensure the integrity and security of your system and network.

After reading this chapter, you will know:

  • Basic system security concepts, with respect to FreeBSD.

  • About the various crypt mechanisms available in FreeBSD, such as DES and MD5.

  • How to set up one-time password authentication.

  • How to configure TCP Wrappers for use with inetd.

  • How to set up KerberosIV on FreeBSD releases prior to 5.0.

  • How to set up Kerberos5 on FreeBSD.

  • How to configure IPsec and create a VPN between FreeBSD/Windows(R) machines.

  • How to configure and use OpenSSH, FreeBSD's SSH implementation.

  • What file system ACLs are and how to use them.

  • How to use the Portaudit utility to audit third party software packages installed from the Ports Collection.

  • How to use the FreeBSD security advisory publications.

  • What Process Accounting is and how to enable it on FreeBSD.

Before reading this chapter, you should:

  • Understand basic FreeBSD and Internet concepts.

Additional security topics are covered throughout this book. For example, Mandatory Access Control is discussed in Chapter 15, Mandatory Access Control, and Internet Firewalls are discussed in Chapter 26, Firewalls.
