Welcome to WebmasterWorld Guest from 54.221.9.209

Forum Moderators: bakedjake

Message Too Old, No Replies

FreeBSD 4.* vulnerabilities

I need a resource

     
3:20 pm on Jul 20, 2001 (gmt 0)

Preferred Member

joined:Apr 13, 2001
posts:372
votes: 0


Anyone know any good locations for info on securing the latest versions of FreeBSD UNIX? Besides newsgroups
4:57 pm on July 20, 2001 (gmt 0)

Full Member

10+ Year Member

joined:Feb 28, 2001
posts:208
votes: 0


There's always chapter 9 section 3 [freebsd.org] of the FreeBSD handbook [freebsd.org]. :)

windsor

5:27 pm on July 22, 2001 (gmt 0)

Inactive Member
Account Expired

 
 


There are a handful of books on overall UNIX security from O'Reilly. They're good for novices, but aren't very good for reference material since they spend a lot of time describing stuff and little time on "you want this, you don't want that."

There are three basic items to simple unix security if you need to lock down a box like a webserver:

<a> comment out as much as you can in /etc/inetd.conf
<b> sendmail and BIND are monsters. If you need them, get books about them that talk security. Webservers generally don't need these two.
<c> subscribe to something that gives you security updates for your particular OS. Bugtraq is a good non-OS-specific one.

There are some other ideas that are generally good; like don't enable NFS (client or server) unless you really need it, avoid NIS/yp, and if you can turn off the startup of the portmapper (a.k.a. "rpcbind"), that'll save you some headache.

Hope this helps.

Rob++

Air

8:16 pm on July 22, 2001 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 10, 2000
posts:1253
votes: 0


....or the FreeBSD Security Information [freebsd.org] page.
2:24 pm on July 23, 2001 (gmt 0)

Preferred Member

joined:Apr 13, 2001
posts:372
votes: 0


Thanks for the advice guys. I think I've found what I needed on that security page.