Aug 111998

improving security *

This topic is incomplete.

11 August 1998

I decided it was time to improve the security on my system.  I used as the starting point.  Please read that resource in conjunction with what I have done below.

in /etc/rc.conf, I set inetd_flags="-l -R 1024"

Next, in /etc/inet.conf,  I did:

telnet  stream  tcp  nowait  root   /usr/libexec/telnetd    telnetd -h -U

ftp.* /var/log/ftpd was added to /etc/syslog.conf

I remembered to "touch /var/log/ftpd" because syslogd can’t write to a file which isn’t created first.

added an entry to /etc/newsyslog.conf to ensure the log is properly rotated.

I disabled telnet, shell, login, ntalk, and comsat in /etc/inet.conf

added options IPFIREWALL_VERBOSE #log the net to /usr/src/sys/i386/conf/DANDHCP

OK.  Time to recompile, using the instructions found in the Building and Installing a Custom Kernel section of the FreeBSD handbook.