Installing A Secure FreeBSD Box
ltwally writes "The guys over at LittleWhiteDog have a how-to on securing FreeBSD. Topics range from the basics to custom kernels, blowfish encryption, smtp, and custom firewall scripts. Definitely worth a look if you're running a FreeBSD box, or are interested in *nix security in general."
Nit 4: Sendmail. Sure. You could run sendmail, but why not look into qmail, written by djb. While you're there, check out djbdns if you need DNS services.
Actually, a bit further down the author recommends postfix. But gee, there is just so much ground to cover here, splitting this up would be good.
587 is the "mail submission port", and is designed to be the port on which mail is originated, leaving port 25 for transferring mail between MTA's. This has various properties in that they can treat authentication differently (SMTP auth is required on port 587), and therefore has a number of anti-spam properties as well as some other benefits. Obviously port 25 is not going away for MSA's anytime soon, but it's a step. One big adopter of this is AOL: AOL users using AOL network services (e.g. corporate accounts) already are required to use port 587 when not using an AOL dialup, as AOL already rejects direct-to-MX on port 25 for most dynamic IP's.
It's all spelled out in RFC2476
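The port 25 / port 587 split described above, written as Postfix `master.cf` entries (an added example, not taken from the comment or from the how-to; Postfix is the MTA another comment says the how-to recommends). It assumes Postfix 2.10 or later, with a TLS certificate and a SASL backend already configured in `main.cf`.

```conf
# /usr/local/etc/postfix/master.cf (FreeBSD ports location; path is an assumption)
# service    type  private unpriv  chroot  wakeup  maxproc command + args

# Port 25: MTA-to-MTA transfer. Unauthenticated by design, so relay control
# comes from main.cf, e.g.
#   smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
# which accepts mail only for domains this host is responsible for.
smtp         inet  n       -       n       -       -       smtpd

# Port 587: message submission. "submission" resolves to 587 via /etc/services.
# Every client must negotiate TLS and then authenticate before it may send.
submission   inet  n       -       n       -       -       smtpd
  # Separate syslog tag so submission traffic is easy to pick out in maillog.
  -o syslog_name=postfix/submission
  # Refuse to proceed without STARTTLS (assumes smtpd_tls_cert_file and
  # smtpd_tls_key_file are set in main.cf).
  -o smtpd_tls_security_level=encrypt
  # Offer AUTH on this port only, and never over a cleartext session.
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  # Authenticated users may send anywhere; everyone else is rejected,
  # including hosts in mynetworks.
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
```

After `postfix reload`, `postconf -M submission/inet` prints the effective service entry, and rejected unauthenticated attempts appear in the mail log under the `postfix/submission` tag.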
I've finally had it: until slashdot gets article moderation, I am not coming back.
You mean like the dedicated chapter on Network Address Translation in the official handbook? (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html)
I can only assume, given the context, that you meant that sarcastically, as though Slackware were something that hardly deserved to be mentioned as an option. I'll have you know that Slackware is one of three distros I would ever consider using (the other two being Debian and Gentoo) for much the same reason that you hate RedHat. Slackware has a package system that works just fine, thank you very much, and if you don't like it you can use some other distro's fairly easily too (yes, even your beloved portage). But Slackware and Debian are the only two major distributions that actually try to be Operating Systems and not Windows. Gentoo's sole raison d'etre is to provide an entire distribution built from source, which quite frankly is only something worth doing on a hobbyist level; for any sort of production box, the focus needs to be on simplicity, security and stability, precisely what Slack focusses on. So before you get on your high horse about Gentoo, consider that.
Ratio of replies to old sig content : replies to actual post content > 0.5. Sig changed.