Securing FreeBSD 4.x STABLE
oscarcvt writes "While browsing through daily daemon news I found a story posted on Jan 4th that made reference to an article about securing FreeBSD 4.x. The article is titled 'A basic guide to securing FreeBSD 4.x-STABLE'. Everything from mounting ro to secure levels and lots of other stuff.
Happy secureading!"
This is what I really hate about Slashdotters, and especially Linux users: they have no clue about security.
First, there is no such thing as a secure system. There are, however, trusted systems: how much trust you can put in a system, and it's proven that it will always hold true to that level.
The difference in security in the base systems is so small and irrelevant that the security of a box is more dependent on how well you know the system. If you use FreeBSD, use FreeBSD. If you use Linux, which I think sucks ass, use that one.
Don't get me wrong, I love all the BSDs and use them all, but it's not the system that makes the level of trust you can put into it.
If you want security, use Trusted Solaris, OS/400 or OpenVMS.
You don't need a world-readable home directory for Apache to be able to get to ~/public_html/ though... Use mode 0711 and people/processes can traverse through the directory, but not read its contents.
You can set the userdir to something else, e.g. /home/homepages
Then www.server.com/~user/bla.html == /home/homepages/user/bla.html
Works like a charm here, all users have mod 700 homedirs and 755 homepagedirs.
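The two layouts from the comments above (a 0711 home containing public_html, and a 0700 home with pages under /home/homepages), checked by mode bits. This is an added example, not part of the original thread; the user names, the temporary directory tree and the assumption that the web server is neither owner nor group member of these directories are constructed for illustration.

```python
import os
import stat
import tempfile

def other_access(path):
    """Classify what a process that is neither owner nor in the group gets on a directory."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if not mode & stat.S_IXOTH:
        return "closed"            # cannot even pass through
    return "listable" if mode & stat.S_IROTH else "traverse-only"

def reachable(base, target):
    """True if 'other' has search (x) permission on every directory from below base down to target."""
    path = base
    for part in os.path.relpath(target, base).split(os.sep):
        path = os.path.join(path, part)
        if other_access(path) == "closed":
            return False
    return True

def build_layouts(base):
    """Create both layouts under a constructed temp tree with explicit modes (umask-independent)."""
    home_a = os.path.join(base, "home", "alice")          # layout A: 0711 home
    web_a = os.path.join(home_a, "public_html")
    home_b = os.path.join(base, "home", "bob")            # layout B: 0700 home
    web_b = os.path.join(base, "home", "homepages", "bob")
    for d in (web_a, home_b, web_b):
        os.makedirs(d)
    for d, mode in ((os.path.join(base, "home"), 0o755),
                    (os.path.join(base, "home", "homepages"), 0o755),
                    (home_a, 0o711), (web_a, 0o755),
                    (home_b, 0o700), (web_b, 0o755)):
        os.chmod(d, mode)
    return (home_a, web_a), (home_b, web_b)

def run_demo():
    """Return, per layout, (exposure of the home directory, whether the page directory is reachable)."""
    with tempfile.TemporaryDirectory() as base:
        (home_a, web_a), (home_b, web_b) = build_layouts(base)
        return {
            "A": (other_access(home_a), reachable(base, web_a)),
            "B": (other_access(home_b), reachable(base, web_b)),
        }

if __name__ == "__main__":
    for name, (home_state, web_ok) in run_demo().items():
        print(f"layout {name}: home is {home_state}, page directory reachable: {web_ok}")
```

In both layouts the page directory stays reachable; the difference is that the 0711 home can still be traversed by anyone who knows a path inside it, while the 0700 home is closed to other users entirely.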