Suspicious activity to look for...

Joe Wood dot.sn1tch at
Sun Jul 10 23:22:27 GMT 2005

I have a FreeBSD 5.4 system setup, and I have read numerous articles on
securing it. For the first few months prior to setting up this system I read
a lot about the little tweaks using sysctl and the like. Now everything is
running good, but I want to know what to look for incase I am missing
something. I, very meticulously, read all the system logs that get emailed
to root and I read all the auth, console logs etc. Except for the occasional
attempt to gain access with random usernames, there is nothing I see to be
worried about. This system is in a very secure DMZ, so even if it was
compromised there is no way it could leak over to the local network. Here
are some of the variables in sysctl.conf:












auth.conf and login.conf use blf as the crypt instead of md5


This system is used for public use, mainly shell accounts and ftp space to
people I know. I know the risk is greater when I introduce public users into
the there anything I can look for or something I have overlooked as
far as checking for suspicious activity?


Thanks for the help!


p.s. Sorry for the long email, just trying to be thorough.

More information about the freebsd-questions mailing list