Definitely a blog written by someone coming from Linux.
And someone who seems to have very little notion of anything related to security. Not the kind of blog whose advice I would follow.
#2 - Small nitpicking on my end but this will become more important later: vi is the default editor on FreeBSD, not ee. But this advice is incomplete, which sets the tone for the entire blog.
#3 & #4 - This is the kind of advice from a total idiot, pardon the expression. Allowing remote root logins and then calling it "secure SSH on FreeBSD" is a bad joke, not to mention bad advice. Then adding insult to injury to suggest that people use key-based authentication yet without passwords and without disabling password logins is a recipe for total disaster. This is just utterly stupid.
At the very least use (strong) passwords on the keys, disable password protection in /etc/sshd_config entirely and if you still insist on allowing direct root logons (dumb, dumb, dumb!) then at least change the SSH port from 22 (= commonly known target) to something else.
Another reason why I think the writer is an idiot?
#6 - Although he fortunately understands that you shouldn't edit /etc/passwd manually but instead should use the chpass command he apparently still thinks that this method will always use vi. Why did he install editors/nano if he isn't going to use it? Maybe because he doesn't know how to? And to add onto #2: if ee is the alleged default editor in FreeBSD then why is vi started here?
So to address #2 and #6: What you do is also set the EDITOR environment variable and point that to the editor of your preference. After that it will be used as default by the system. So even a command such as vipw will open /etc/passwd with your preferred editor, not vi.
In addition I personally recommend not changing the root shell to anything else. Why would you need to make the usage of the root account "easier" when this is an account which is best not used casually anyway? Not to mention that csh is a much better shell for interactive purposes than the others are.
#7 - Should at least have mentioned that if you're using a DHCP setup then setting up a static IP address is not a good idea. Especially not if you're using an address in the DHCP range. Why? Simple: all the DHCP server will know is that you didn't apply for a lease, so the lease to your IP address is still open.
Meaning that if more people start to use your network (who most likely will use DHCP) there's now a potential chance for 2 clients to start using the same IP address. You with your static address and someone else who got your address through a lease.
Great thinking here (not!).
Anyway, the rest is pretty mediocre advice and stuff I personally wouldn't bother mentioning as stuff to do after an installation. #8 to #10 can be easily exchanged with: also pay some attention to the FreeBSD handbook.
(edit): Re-reading I'm actually surprised that they didn't advise the readers to pick and set up a firewall. Something which I'd deem pretty important, and considering that FreeBSD provides 3 it's not an obvious choice to make.
Not the kind of blog I'd soon advise people to read. If they're this bad with the topic of FreeBSD then I can only shudder at thinking about the quality of the other stuff.
(edit2): Disclaimer: I'm expressing a very critical opinion about the blog author in a rather direct way. That's not because the author apparently doesn't know several aspects about FreeBSD administration, but more so because he presents it as if he does. Worse yet: while the target audience are obviously less experienced admins. That's just bad.
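
The SSH points in #3 & #4 above can be checked mechanically. The following is an added example, not part of the original post or the blog it reviews: a small sh audit of an sshd_config file for root logins, password logins and the listening port. The function names and the sample config are constructed for illustration, and the file to audit is passed as an argument.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config for the
# settings the post names. Key passphrases live on the client side and cannot
# be checked from the server configuration.

# Print every global value of KEYWORD ($2) in FILE ($1), lowercased.
# Keywords are case-insensitive; the Keyword=value spelling is tolerated too.
# Parsing stops at the first Match block, whose settings are conditional.
sshd_values() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ { next }
        NF == 0 { next }
        { sub(/=/, " "); gsub(/"/, "") }
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2) }
    ' "$1"
}

# Print one line per finding; print nothing when all checks pass.
audit_sshd() {
    # sshd keeps the first value it reads for these two keywords.
    root=$(sshd_values "$1" PermitRootLogin | head -n 1)
    pass=$(sshd_values "$1" PasswordAuthentication | head -n 1)
    ports=$(sshd_values "$1" Port)      # Port may legitimately repeat
    [ "$pass" = no ] ||
        echo "PasswordAuthentication is '${pass:-unset}', expected 'no'"
    [ "$root" = no ] || {
        echo "PermitRootLogin is '${root:-unset}', expected 'no'"
        # The post's fallback: if root logins stay, at least leave port 22.
        if [ -z "$ports" ] || echo "$ports" | grep -qx 22; then
            echo "root login not explicitly disabled and sshd listens on port 22"
        fi
    }
}

# Constructed sample: the kind of configuration the post criticises.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not taken from the blog
permitrootlogin yes
PubkeyAuthentication yes
EOF
audit_sshd "$sample"
rm -f "$sample"
```

An unset keyword is reported because the built-in default then decides the behaviour. With PAM enabled, keyboard-interactive authentication can still prompt for a password even when PasswordAuthentication is no; `sshd -T` prints the effective configuration for comparison.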