improving security *

This topic is incomplete.
11 August 1998
I decided it was time to improve the security on my system.  I used
http://www.freebsd.org/~jkb/howto.html
as the starting point.  Please read that resource in conjunction with what I have done below.
in /etc/rc.conf, I set inetd_flags="-l -R 1024"
Next, in /etc/inet.conf,  I did:
telnet  stream  tcp  nowait  root   /usr/libexec/telnetd    telnetd -h -U
ftp.* /var/log/ftpd was added to /etc/syslog.conf
I remembered to "touch /var/log/ftpd" because syslogd can't write to a file which isn't created first.
added an entry to /etc/newsyslog.conf to ensure the log is properly rotated.
I disabled telnet, shell, login, ntalk, and comsat in /etc/inet.conf
added options IPFIREWALL_VERBOSE #log the net to /usr/src/sys/i386/conf/DANDHCP
OK.  Time to recompile, using the instructions found in the
Building and Installing a Custom Kernel
section of the
FreeBSD handbook
.
Like the website? Want to give back? Please visit my
wish list
!


本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u/4206/showart_523818.html

标签：

版权申明：本站文章部分自网络，如有侵权，请联系：west999com@outlook.com
特别注意：本站所有转载文章言论不代表本站观点，本站所提供的摄影照片，插画，设计作品，如需使用，请与原作者联系，版权归原作者所有