security of a new installation / steps to take
Zbigniew Szalbot
zszalbot at gmail.com
Wed Feb 20 16:02:25 UTC 2008
Dear all,
In a matter of weeks we will be moving our office "server" replacing
it with a dedicated server machine functioning at an ISP's location. I
have spoken to them and they use Fedora so they won't be able to help
me much (besides we're not really prepared to pay them for
administrative work). Obviously, I want to keep using FreeBSD so they
promised to set up a basic installation so that I can remotely connect
to the server, configure it, install userland, etc.
So far I have had FreeBSD systems only in office so I used my hardware
firewall (Dlink DFL 700) to block access to services on ports 22, etc.
Now, at the ISP I won't be able to do this so I will need to be a lot
more careful about security issues. I am planning to make a list of
steps I need to take to configure the OS to my liking and install
applications I need. However, I would really, really love to have some
advice from you re the basic steps.
For example, I guess I will need to make friends with pf firewall (I
did use it but not extensively due to the hardware router in place). I
will need to disallow direct (3306) access to mysql database (again pf
thing?) and the like.
In any case, many thanks for your hints, tips, links to get started (I
actually plan to use an old box in office to test-install everything
and only then do the same remotely). I have been using FreeBSD for 1,5
year but I know how little I know so I'm ready to learn.
Thanks for FreeBSD and your help!
--
Zbigniew Szalbot
More information about the freebsd-questions
mailing list