suid bit files and securing FreeBSD
matthew at starbreaker.net
Sat Jul 26 10:21:42 PDT 2003
> Second question is: Has anybody an exact wizard, how to secure
> the FreeBSD machine. Imagine the situation, the only person who
> can do anything on that machine is me, and nobody other. I have
> set very restrictive firewalling, I have removed ALL tty's except
> two local tty's (I need to work on that machine), but there are
> still open port 25 and 53 (must be forever), so someone very
> tricky can compromite my machine.
> I'm a little bit paranoic, don't I :-)))))))
Uhm, yes, you *are* just a wee bit paranoid. But it helps to be
paranoid if you're root on somebody else's machine. Great power and
great responsibility, right?
But if you're concerned with security uber alles, I'm surprised you
didn't look into OpenBSD first. According to their site
(openbsd.org), they've had "only one remote hole in the default
install, in more than 7 years!"
FreeBSD certainly can be secured, but it appears that the developers
put performance and reliability first, and then security. Theo de
Raadt puts security first.
"I am become root, shatterer of kernels."
More information about the freebsd-questions