General Security Issues

Kevin D. Kinsey, DaleCo, S.P. kdk at
Mon Mar 1 09:15:31 PST 2004

Konstantinos Fotiadis wrote:

>Greetings list,
>As a newbie to security I would like to ask any recommendation that the list
>might have.
>We are about to "install" a new box with 4.9 stable to the nice and innocent
>internet world. :-P
>The box has no services running expect apache and we telnet to it via SSH.

So you've disabled sendmail and inetd.conf?

>Main function of this box will be graphing various interfaces via rrdtool.
>So, I would like to ask if there is any other precautions that I must take
>in order to sleep safe at night. Should I check for any other opened ports ?

Good idea, always ... from inside (netstat) and outside
(port scanner, like nmap<?>)....

>Should I do something with the kernel to be more secure ?
A firewall is often considered a must.

>I know this ain't so easy, but let's say my main scope is to get a least a
>decent sleep :-)
>Kind Regards,

I imagine this list would prefer that you send your
questions to the questions@ list.  I can't remember
the list charter enough to know exactly *why* at
the moment ... so I've made a comment or two.

I imagine that if you can find no open ports, and stay
on top of any changes to Apache and OpenSSH,
you should have few worries --- except for the scripts
that run on the webserver...which is a whole different
topic, as I see it.... :-(

Kevin Kinsey
DaleCo, S.P.

More information about the freebsd-security mailing list