I've got a new installation of 8.2 RELEASE and I want to keep it as secure as possible since I'm using it as a web server. In another thread I got the advice to run:
Code:
# sockstat -46
and
Code:
# netstat -an | grep LISTEN
When I run those commands it looks like things are ok, except that there seems to be an open port for MySQL:
Code:
# netstat -an | grep LISTEN
tcp4 0 0 127.0.0.1.25 *.* LISTEN
tcp4 0 0 *.22 *.* LISTEN
tcp6 0 0 *.22 *.* LISTEN
tcp46 0 0 *.80 *.* LISTEN
tcp46 0 0 *.3306 *.* LISTEN
I did some searching for how to set up MySQL for local only and found some old posts on FreeBSD Diary. What is the current recommended way to make MySQL local only? There seems to be a way to add some parameters to rc.conf, but then there's also a file here that looks like some sort of config file:
Code:
/usr/local/etc/rc.d/mysql-server
When I run sockstat, I get a lot more output. SSH and port 80 are on the list but there's also sendmail (which should also be send-only) and ntpd that I don't see a reason to leave open to the outside world:
Code:
root sendmail 1480 4 tcp4 127.0.0.1:25 *:*
www httpd 1479 3 tcp4 6 *:80 *:*
www httpd 1479 4 tcp4 *:* *:*
www httpd 1478 3 tcp4 6 *:80 *:*
www httpd 1478 4 tcp4 *:* *:*
www httpd 1477 3 tcp4 6 *:80 *:*
www httpd 1477 4 tcp4 *:* *:*
www httpd 1476 3 tcp4 6 *:80 *:*
www httpd 1476 4 tcp4 *:* *:*
www httpd 1475 3 tcp4 6 *:80 *:*
www httpd 1475 4 tcp4 *:* *:*
root sshd 1467 3 tcp6 *:22 *:*
root sshd 1467 4 tcp4 *:22 *:*
root httpd 1438 3 tcp4 6 *:80 *:*
root httpd 1438 4 tcp4 *:* *:*
mysql mysqld 1417 10 tcp4 6 *:3306 *:*
root ntpd 1259 20 udp4 *:123 *:*
root ntpd 1259 21 udp6 *:123 *:*
root ntpd 1259 22 udp6 fe80:6::1:123 *:*
root ntpd 1259 23 udp6 ::1:123 *:*
root ntpd 1259 24 udp4 127.0.0.1:123 *:*
root ntpd 1259 26 udp4 192.168.1.6:123 *:*
root syslogd 1035 6 udp6 *:514 *:*
root syslogd 1035 7 udp4 *:514 *:*
Thanks.
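Added example, not part of the original post: a small filter that reads FreeBSD `netstat -an | grep LISTEN` lines and prints only the listeners bound to something other than loopback, which is the check the poster is doing by eye. A local address of `*` means the socket accepts connections on every interface. The function names `sample_netstat` and `exposed_listeners` are made up for this example; the sample lines are the ones quoted in the post.

```sh
#!/bin/sh
# Added example, not from the original post.
# Hypothetical helper names: sample_netstat, exposed_listeners.

# The LISTEN lines quoted in the post above, embedded so this runs offline.
sample_netstat() {
    cat <<'EOF'
tcp4 0 0 127.0.0.1.25 *.* LISTEN
tcp4 0 0 *.22 *.* LISTEN
tcp6 0 0 *.22 *.* LISTEN
tcp46 0 0 *.80 *.* LISTEN
tcp46 0 0 *.3306 *.* LISTEN
EOF
}

# Read `netstat -an | grep LISTEN` lines on stdin and print
# "proto port address" for each listener not bound to loopback only.
exposed_listeners() {
    awk '
    $NF == "LISTEN" && match($4, /\.[^.]+$/) {
        # FreeBSD netstat writes address.port, so split at the last dot.
        addr = substr($4, 1, RSTART - 1)
        port = substr($4, RSTART + 1)
        # 127.0.0.0/8 and ::1 are reachable only from the host itself.
        if (addr ~ /^127\./ || addr == "::1") next
        print $1, port, addr
    }'
}

# On a live system: netstat -an | grep LISTEN | exposed_listeners
sample_netstat | exposed_listeners
```

For the lines in the post this lists ports 22, 80 and 3306 and leaves out sendmail on 127.0.0.1:25.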