General Security Issues
Kevin D. Kinsey, DaleCo, S.P.
kdk at daleco.biz
Mon Mar 1 09:15:31 PST 2004
Konstantinos Fotiadis wrote:
>As a newbie to security I would like to ask any recommendation that the list
>We are about to "install" a new box with 4.9 stable to the nice and innocent
>internet world. :-P
>The box has no services running expect apache and we telnet to it via SSH.
So you've disabled sendmail and inetd.conf?
>Main function of this box will be graphing various interfaces via rrdtool.
>So, I would like to ask if there is any other precautions that I must take
>in order to sleep safe at night. Should I check for any other opened ports ?
Good idea, always ... from inside (netstat) and outside
(port scanner, like nmap<?>)....
>Should I do something with the kernel to be more secure ?
A firewall is often considered a must.
>I know this ain't so easy, but let's say my main scope is to get a least a
>decent sleep :-)
I imagine this list would prefer that you send your
questions to the questions@ list. I can't remember
the list charter enough to know exactly *why* at
the moment ... so I've made a comment or two.
I imagine that if you can find no open ports, and stay
on top of any changes to Apache and OpenSSH,
you should have few worries --- except for the scripts
that run on the webserver...which is a whole different
topic, as I see it.... :-(
More information about the freebsd-security