improving security *
This topic is incomplete.
11 August 1998
I decided it was time to improve the security on my system. I used http://www.freebsd.org/~jkb/howto.html
as the starting point. Please read that resource in conjunction with what I have
done below.
in /etc/rc.conf, I set inetd_flags="-l -R 1024"
Next, in /etc/inet.conf, I did:
telnet stream tcp nowait root /usr/libexec/telnetd telnetd -h -U
ftp.* /var/log/ftpd was added to /etc/syslog.conf
I remembered to "touch /var/log/ftpd" because syslogd can’t write
to a file which isn’t created first.
added an entry to /etc/newsyslog.conf to ensure the log is properly rotated.
I disabled telnet, shell, login, ntalk, and comsat in /etc/inet.conf
added options IPFIREWALL_VERBOSE #log the net to /usr/src/sys/i386/conf/DANDHCP
OK. Time to recompile, using the instructions found in the Building and
Installing a Custom Kernel section of the FreeBSD
handbook.