First Install - Basic Desktop Security

Hey all, first thanks to the developers who improved the FreeBSD installer...this is the first time I've been able to install it on my old laptop without an ethernet connection. Awesome.

So this is my first time setting this up, I'm a pretty big newb with Linux and BSD and I was just wondering if there's anything serious security related that I'm missing? It's for a home desktop...

User accounts - root, 1 user in wheel, 1 user not in wheel
Firewall - enabled IPFW - workstation. I originally had pf enabled with "block in all pass out all keep state" in pf.conf, but since I don't know what I'm doing, I figured I'd use the default IPFW.
Disabled ssh since I'm not using this as a server but as a home desktop computer and I don't need to make remote connections to it.
Performed freebsd-update, but I have to add this to cron.
Installed MATE, Firefox, and Thunderbird.
I'm gonna try to install sudo, but I'm really not sure if I need to if I just run MATE/the desktop in the non-wheel group. I read somewhere on here never to enter root/su while in Xorg.
Anything else blazingly wrong security-wise?

Thanks
 
If it's just for personal usage (and maybe some people you trust), I'd say you're fine. Just don't chmod -R 777 / :p. You do want to avoid using root while in X though.

If you're planning on using this in a shared environment, then that's another discussion and you may want to provide more details
 
By "shared" environment Dylan Allbee meant there's more than one user using the machine. There are some additional settings you can do to prevent User1 from accessing User2's files for example.
 
If you're the only user on the machine, I suggest to use su -m rather than security/sudo since it's enough and simpler.

In addtion, you should regularly audit your packages using pkg audit -F like freebsd-update.
 
Performed freebsd-update, but I have to add this to cron.
Not necessarily I reckon. If you are not running a server, and you said you are not, you may perform an update manually from time to time. I do prefer doing it manually.

I'm gonna try to install sudo, but I'm really not sure if I need to if I just run MATE/the desktop in the non-wheel group. I read somewhere on here never to enter root/su while in Xorg.
I have never heard this to be honest. In fact, I always su(1) while I am on an X session. Ah, yes...and my day to day user is in the wheel group :cool:

You may want to spend some time reading this page every now and then. But, as suggested by alphachi, pkg audit -F should check known vulnerabilities for you already.

The FreeBSD Handbook has a dedicated chapter on security, a must read if you are concerned about the security.
 
Back
Top