Slashdot Mirror


Installing A Secure FreeBSD Box

ltwally writes "The guys over at LittleWhiteDog have a how-to on securing FreeBSD. Topics range from the basics to custom kernels, blowfish encryption, smtp, and custom firewall scripts. Definitely worth a look if you're running a FreeBSD box, or are interested in *nix security in general."

15 of 131 comments

  1. *BSD is secure by default.. by Anonymous Coward · · Score: -1, Troll

    .. it is very hard to get activity out of the dead....

    Oh, I've got to stop this trolling sometime.

  2. Do you still have to re-compile the kernel? by Anonymous Coward · · Score: -1, Troll

    The last time I tried to use FreeBSD as a firewall [circa FreeBSD 4.8.x], you had to recompile the kernel just to get a NAT router.

    Recompile the kernel? Give me a friggin' break. And there were like a gazillion how-to's all over the web, no two of which bore any resemblance whatsoever.

  3. not a great article by Anonymous Coward · · Score: -1, Troll

    What's so bad about the Linux updating system? Well, you need to keep in mind that the BSD distros are mostly source-based, from the packages you install to updating the operating system. And when you're dealing with source-based you can completely configure the application to do what you want and not what the person who made the package intended. So when you're using services such as up2date, you're using pre-packaged binaries that just don't suit my needs.

    Uhm, maybe he means "What's wrong with RED HAT". Sounds like he needs to give Gentoo or Debian a spin. In fact Gentoo and FreeBSD are pretty similar if you squint at them the right way.

    Also, I remember the glory days when I would customize the packages. It sure was fun .. until I had to admin 20 boxes and continuously merge my changes into each upgrade. Then I decided it was best to work with what they give you.

    So, if nothing else, you should have learned what a monopolizing and cheating corporation Microsoft is and that should drive you even more to switch over to FreeBSD or some other non-monopolizing company's operating system.

    Yeah, I hate Microsoft too but I usually make slightly more persuasive arguments than showing photoshopped pictures of Bill Gates and calling Microsoft names. I don't think my boss would really "get" those, ya know?

    Let's start off by working with sendmail.

    Ha, okay, I guess I see now, this is a joke by some high school student. Nobody would title a document "how to secure a BSD system" and put this sentence in it on purpose.

    If you didn't, it is a good option to include, as it logs all attempts to closed ports.

    My boxes log enough crap as it is.. please turn that shit OFF.

    I like to change the default algorithm used when encrypting a user's password to the Blowfish algorithm, as it provides the highest security at the greatest speed.

    *rolls eyes* Yeah man, using blowfish to encrypt passwords instead of MD5 will totally lock down your box. Thank goodness you sealed that gaping hole.

    For example, my login prompt looks like this: I'm a node in cyberspace. Who the hell are you?

    Hackers, look out! This guy is TUFF AS NAILZ.

    Please note if you're running versions earlier than 5.2 the name changed.

    Rule of thumb: pre-stable unreleased versions of an OS are GREAT for security. No not really.

    Sendmail is installed by default on FreeBSD systems and unless configured properly, it is extremely insecure.

    Ho ho, he redeems himself! Well, here's how to configure it properly: chmod 000 /usr/libexec/sendmail/sendmail

    Originally, I planned on making this document a lot more in-depth specifically towards IDS, setting up various other services. Then I got burned out and I just don't feel like it anymore.

    That explains a lot..

    Well this article was "okay" but it REALLY needs a good editor to trim the fat and fix a few spots......

  4. The *BSD Wailing Song by Anonymous Coward · · Score: -1, Troll

    The *BSD Wailing Song

    What's left for me to see
    In my ship I sailed so far
    What can the answer be
    Don't know what the questions are.
    And after all I've done
    Still I cannot feel the sun
    Tell me save me
    In the end our lost souls must repent.
    I must know it is for certain
    Can it be the final curtain
    As long as the wind will blow
    I'll be searching high and low.
    Who knows what's really true
    They say the end is so near
    Why are we all so cruel
    We just fill ourselves with fear.
    And heaven and hell will turn
    All that we love shall burn
    Hear me trust me
    In the end our lost souls must repent.
    I must know it is for certain
    Can it be the final curtain
    As long as the wind will blow
    I'll be searching high and low
    Final curtain
    Final curtain

  5. Re:First BSD Troll by larry+bagina · · Score: -1, Troll

    no, he just forgot to douche after having butt-sex with CowboyNeal.

    --
    Do you even lift?

    These aren't the 'roids you're looking for.

  6. Howto Secure a FreeBSD box by Anonymous Coward · · Score: -1, Troll

    Format over it and install Linux. Then again every hacker is too good to hack the dead filth that *BSD is, so there really is no problem.

  7. Elegy for *BSD by Anonymous Coward · · Score: -1, Troll

    Elegy for *BSD


    I am a *BSD user
    and I try hard to be brave
    That is a tall order
    *BSD's foot is in the grave.

    I tap at my toy keyboard
    and whistle a happy tune
    but keeping happy's so hard,
    *BSD died so soon.

    Each day I wake and softly sob
    Nightfall finds me crying
    Not only am I a zit faced slob
    but *BSD is dying.

  8. *BSD is dying by Anonymous Coward · · Score: -1, Troll

    Fact: *BSD is dying

    It is common knowledge that *BSD is dying, that ever hapless *BSD is mired in an irrecoverable and mortifying tangle of fatal trouble. It is perhaps anybody's guess as to which *BSD is the worst off of an admittedly suffering *BSD community. The numbers continue to decline for *BSD but FreeBSD may be hurting the most. Look at the numbers. The loss of user base for FreeBSD continues in a head spinning downward spiral.

    OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of BSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.

    Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.

    All major marketing surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among hobbyist dilettante dabblers. In truth, for all practical purposes *BSD is already dead. It is a dead man walking.

    Fact: *BSD is dying

  9. freelance gig blows by Anonymous Coward · · Score: -1, Troll


    I don't want to start a holy war here, but what is the deal with you BSD fanatics? I've been sitting here at my freelance gig in front of a BSD box (a PIII 800 w/512 Megs of RAM) for about 20 minutes now while it attempts to copy a 17 Meg file from one folder on the hard drive to another folder. 20 minutes. At home, on my Pentium Pro 200 running NT 4, which by all standards should be a lot slower than this BSD box, the same operation would take about 2 minutes. If that.
    In addition, during this file transfer, Netscape will not work. And everything else has ground to a halt. Even Emacs Lite is straining to keep up as I type this.

    I won't bore you with the laundry list of other problems that I've encountered while working on various BSD machines, but suffice it to say there have been many, not the least of which is I've never seen a BSD box that has run faster than its Windows counterpart, despite the BSD machine's faster chip architecture. My 486/66 with 8 megs of RAM runs faster than this 800 MHz machine at times. From a productivity standpoint, I don't get how people can claim that BSD is a "superior" machine.

    BSD addicts, flame me if you'd like, but I'd rather hear some intelligent reasons why anyone would choose to use a BSD over other faster, cheaper, more stable systems.

  10. BSD anchors the "B" team by Anonymous Coward · · Score: -1, Troll

    We must report with a heavy heart that Bob "I'm still dead" Hope has gone on to join the "B" team. As you all may know, BSD has been part of the "B" team for quite some time.

    The Year of Our Lord 2003 has been a particularly bad year for the "B"s,

    • Bob Hope
    • Buddy Ebsen
    • Buddy Hackett
    • Barry White
    • BSD

    This honored list of dead is but a small token of adieu from the many fans of the deceased.
    These dead were truly some American Icons. They will be missed.

  11. I hear a faint thud from across the room by Anonymous Coward · · Score: -1, Troll

    it's BSD. it's DEAD. I'm sorry

  12. FreeBSD in proper perspective by Anonymous Coward · · Score: -1, Troll

    What We Can Learn From BSD
    By Chinese Karma Whore, Version 1.0

    Everyone knows about BSD's failure and imminent demise. As we pore over the history of BSD, we'll uncover a story of fatal mistakes, poor priorities, and personal rivalry, and we'll learn what mistakes to avoid so as to save Linux from a similarly grisly fate.

    Let's not be overly morbid and give BSD credit for its early successes. In the 1970s, Ken Thompson and Bill Joy both made significant contributions to the computing world on the BSD platform. In the 80s, DARPA saw BSD as the premiere open platform, and, after initial successes with the 4.1BSD product, gave the BSD company a 2 year contract.

    These early triumphs would soon be forgotten in a series of internal conflicts that would mar BSD's progress. In 1992, AT&T filed suit against Berkeley Software, claiming that proprietary code agreements had been haphazardly violated. In the same year, BSD filed countersuit, reciprocating bad intentions and fueling internal rivalry. While AT&T and Berkeley Software lawyers battled in court, lead developers of various BSD distributions quarreled on Usenet. In 1995, Theo de Raadt, one of the founders of the NetBSD project, formed his own rival distribution, OpenBSD, as the result of a quarrel that he documents on his website. Mr. de Raadt's stubborn arrogance was later seen in his clash with Darren Reed, which resulted in the expulsion of IPF from the OpenBSD distribution.

    As personal rivalries took precedence over a quality product, BSD's codebase became worse and worse. As we all know, incompatibilities between each BSD distribution make code sharing an arduous task. Research conducted at MIT found BSD's filesystem implementation to be "very poorly performing." Even BSD's acclaimed TCP/IP stack has lagged behind, according to this study.

    Problems with BSD's codebase were compounded by fundamental flaws in the BSD design approach. As argued by Eric Raymond in his watershed essay, The Cathedral and the Bazaar, rapid, decentralized development models are inherently superior to slow, centralized ones in software development. BSD developers never heeded Mr. Raymond's lesson and insisted that centralized models lead to 'cleaner code.' Don't believe their hype - BSD's development model has significantly impaired its progress. Any achievements that BSD managed to make were nullified by the BSD license, which allows corporations and coders alike to reap profits without reciprocating the generous goodwill of open-source. Fortunately, Linux is not prone to this exploitation, as it is licensed under the GPL.

    The failure of BSD culminated in the resignation of Jordan Hubbard and Michael Smith from the FreeBSD core team. They both believed that FreeBSD had long lost its earlier vitality. Like an empire in decline, BSD had become bureaucratic and stagnant. As Linux gains market share and as BSD sinks deeper into the mire of decay, their parting addresses will resound as fitting eulogies to BSD's demise.

  13. the BSD ghetto by Anonymous Coward · · Score: -1, Troll

    BSD you grow in the ghetto, living second rate
    And your eyes will sing a song of deep hate.
    The places you play and where you stay
    Looks like one great big alley way.
    You'll admire all the numberbook takers,
    Thugs, BSD pimps and pushers, and the big money makers.

  14. Sux0rs B - S - D by Anonymous Coward · · Score: -1, Troll

    In a startling turn of events today, a previously little-known fact came into the public eye: "*BSD Sux0rs". This came as a complete surprise to the BUWLA, or BSD Users With Large Assholes, as they previously thought that *BSD 0wned.

    "You see, even though I have never ever contributed code to any BSD project, I thought it was my duty to be a big asshole to others which don't use the OS I do, because it just 0wnz.", said one FreeBSD user. "Now that I know it sux0rs, though, I have to go find something else to be an asshole about."

    One notorious OpenBSD fanatic known as WideOpen, told reporters, "I have to kill myself. This isn't how it was supposed to happen. My BSD has always been the best, and shouting that opinion in other people's faces at every chance I got has been my only hobby. It was all I ever did. It was what got me out of bed in the morning. Now I have to die. I will jam my bedpost up my ass until I hit my brain. It is the only way to go: BSD style."

    In the volatile world of operating systems anything can happen. "At least we don't sux0r as much as Windows users", BigAzz, a relatively well-known NetBSD user said. "Screaming things in people's faces is my calling. Now I need to scream that BSD sux0rs. What a sad world. At least I won't kill myself like those uber-asshole OpenBSD guys. They are just way over the top. Or were, at least."

    Nobody knows for sure what the future holds for the state of operating systems, but with Netcraft confirming the sux0r status, *BSD users all over the world will have to stick something else up their asses from now on or risk looking even more gay than they used to.

  15. Breaking news from CNN by Anonymous Coward · · Score: -1, Troll

    this Bitch iS Dead