Slashdot Mirror


Installing A Secure FreeBSD Box

ltwally writes "The guys over at LittleWhiteDog have a how-to on securing FreeBSD. Topics range from the basics to custom kernels, blowfish encryption, smtp, and custom firewall scripts. Definitely worth a look if you're running a FreeBSD box, or are interested in *nix security in general."

8 of 131 comments

  1. Re-worded a bit to help make the parent clearer by Anonymous Coward · · Score: 2, Funny
    The last time I tried to use FreeBSD as a firewall [circa FreeBSD 4.8.x], you had to recompile the kernel just to get a NAT router.

    Recompile the kernel? Give me a friggin' break. And there were like a gazillion how-to's all over the web, no two of which bore any resemblance whatsoever.
    To secure my box I had to understand security! I attempted to read a How-To that would tell me the command to secure my box, but the How-To's were so LONG and complicated. I tried this to no avail:
    $ secure box
    secure: not found
    Where the hell is SECURE?

    I also had to compile in IPv4-to-IPv6 translation support. It wasn't even in the default kernel! Give me a friggin' break. And I suppose I'm going to have to read something to figure out how to recompile my kernel!

    To parent: I think I see a nice shiny new Windows box in your future! You don't have to understand security with Windows. And don't worry, I think they got the last of the bugs worked out. No more security problems now!
  2. Using FreeBSD as a firewall by Anonymous Coward · · Score: 2, Funny

    Recently I had an experience to use FreeBSD. I had heard many great
    things about it, and was excited to replace a dead Linux firewall with
    this OS. Unfortunately as things turned out, FreeBSD proved to be more
    nightmare than solution.

    When not attending classes at my community college to get my
    humanities degree, I work part-time at a printshop. Our Linux box
    there finally gave up the ghost. I'd heard that FreeBSD was incredibly
    secure so I talked my boss into putting that on as a replacement.

    Part of the appeal of FreeBSD was its history. A fork of the Linux
    kernel, it was originally intended for Steve Jobs' failed NeXT cube.
    Recently, it's found a home amongst the ignorant and easily-fooled as a
    firewall OS (later on, we'll see how Jobs reached back to use FreeBSD
    in OSX. This will be important later!) BSD was also famous for an
    incident in the early 80s, where they were sued by Microsoft when the
    BSD developers stole the TCP/IP stack from Microsoft's PC-DOS.

    Once my boss gave approval, I quickly headed over to FreeBSD.com and
    downloaded the ISOs from the web site. Our box was pretty
    state-of-the-art, a two-CPU'ed Pentium III. Installing it went pretty
    flawless and I had high hopes for our new firewall.

    Almost immediately however I began to have concerns. I noticed nowhere
    did FreeBSD display the terms of the GPL. Since it's based on
    Linux, this should be a requirement. Apparently the history of theft
    amongst the BSD developers still continues!

    I was even more shocked to learn that the ipchains rules we'd
    carefully set up on our Linux box would not work on FreeBSD! Perhaps
    FreeBSD is still using a SHARE-based networking security from the DOS
    TCP/IP stack! Or more likely they just haven't caught up to Linux and
    are still using iptables.

    Whatever the case, almost immediately our box was rooted. FreeBSD
    proved to be aptly named as the box was "free to be hacked" by the entire world.
    Later on I would find out that despite its claims of being secure,
    FreeBSD's default configuration appears to start up every service
    known to man! I find it shocking that an OS commonly used for
    firewalls would have BIND running by default.

    Then there was the OpenSSH holes. I would later learn that FreeBSD has
    a history of remote exploits. Perhaps they should work with the team
    at RedHat, as RH knows how to secure their distros.

    After spending a week trying to patch a leaky firewall, I gave up. I
    found a Mac SE/30 and put OSX on it. I then installed Norton Personal
    Firewall. That became our firewall and I'm proud to say that it's been
    happily running for two weeks without a single incident. I find it
    funny that despite FreeBSD users' arrogant claims of superiority, a
    humble SE/30, running an OS that's loosely based on FreeBSD, performed
    much better. Perhaps it's another failing of open source versus
    commercial software. Whatever the case, it's clear that FreeBSD has a
    long ways to go before it can be taken seriously.

  3. Re:One thing I hate... by Anonymous Coward · · Score: 2, Funny
    "Well, you need to keep in mind that the BSD distros are mostly source-based, from the packages you install to updating the operating system."

    I didn't know that packages in FreeBSD were actually source! I thought ports were source?

    No no no, the author means that BSD programs originate with source code which is then compiled and distributed via packages, whereas linux binaries are generated by 1 million monkeys randomly typing bits until something useful emerges.

    Hence, nothing in linux comes from source.

    It's irrelevant, anyways, as BSD is dead. Darl killed it, Verisign buried it, and like a tortured flower, Microsoft sprang from its grave (that's why MS tcp stack and ftp cmd client is BSD based).

    Our only hope these days is from BeOS, preferably running on direct-interconnect amigas.

  4. Security by rf0 · · Score: 3, Funny

    Well taking recent events remove ssh and sendmail. Access via telnet only. No one will ever see my password that way

    Rus

  5. here's something exciting for the mods by xluserpetex · · Score: 3, Funny

    *generic BSD troll*

  6. Re:FreeBSD vs Linux performance by zcat_NZ · · Score: 3, Funny

    How about server stability?

    Take a quick look at Netcraft's longest-uptimes page and see what OS is most prominent on that page.

    Here's a summary for you.

    BSD/OS and FreeBSD: 50
    GNU/Linux (all distros): 0
    All other *NIX's combined: 0
    Windows (98, XP, 2k and 2k3): 0
    Mac OS and OS/X: 0

    I'd have drawn a pie chart, but I think you know what a circle looks like already.

    --
    455fe10422ca29c4933f95052b792ab2
  7. Re:I submitted the parent. by Anonymous Coward · · Score: 1, Funny

    I mean everyone wants NAT

    Go to a NANOG or IETF meeting and yell that REALLY loud. To make the trip profitable, I recommend an associate who sells sticks next to you labeled 'IP End to end connectivity'.

    Yes, you'll be beaten with sticks, but by selling the sticks you'll make a lot of money.

  8. Re:MOD PARENT UP by bsd_usr · · Score: 2, Funny

    No, no, no, no. This was the funniest line.

    "Then there was the OpenSSH holes. I would later learn that FreeBSD has
    a history of remote exploits. Perhaps they should work with the team
    at RedHat, as RH knows how to secure their distros."

    This really has to be modded up as humorous.