security of a new installation / steps to take
schiz0phrenic21 at gmail.com
Wed Feb 20 16:10:01 UTC 2008
On Feb 20, 2008 11:02 AM, Zbigniew Szalbot <zszalbot at gmail.com> wrote:
> Dear all,
> In a matter of weeks we will be moving our office "server" replacing
> it with a dedicated server machine functioning at an ISP's location. I
> have spoken to them and they use Fedora so they won't be able to help
> me much (besides we're not really prepared to pay them for
> administrative work). Obviously, I want to keep using FreeBSD so they
> promised to set up a basic installation so that I can remotely connect
> to the server, configure it, install userland, etc.
> So far I have had FreeBSD systems only in office so I used my hardware
> firewall (Dlink DFL 700) to block access to services on ports 22, etc.
> Now, at the ISP I won't be able to do this so I will need to be a lot
> more careful about security issues. I am planning to make a list of
> steps I need to take to configure the OS to my liking and install
> applications I need. However, I would really, really love to have some
> advice from you re the basic steps.
> For example, I guess I will need to make friends with pf firewall (I
> did use it but not extensively due to the hardware router in place). I
> will need to disallow direct (3306) access to mysql database (again pf
> thing?) and the like.
> In any case, many thanks for your hints, tips, links to get started (I
> actually plan to use an old box in office to test-install everything
> and only then do the same remotely). I have been using FreeBSD for 1,5
> year but I know how little I know so I'm ready to learn.
> Thanks for FreeBSD and your help!
> Zbigniew Szalbot
For PF, see:
More information about the freebsd-questions