FreeBSD post-installation actions

S

stanko

Hi everybody,

First post and first FreeBSD installation.

I would like to learn about FreeBSD, so I decided to set up my personal web server. Of course, with web servers, security is always a question. So, I've decided to go one step at the time.

My questions:

I have installed FreeBSD, and during the installation I've selected to install ports and sshd. sshd connections are blocked by default. So, basically,
  1. If I set up sshd correctly and set up the firewall correctly, I will have an "impenetrable" system? I.e. at this point these two services are the only things I should focus on and I will have a secured system? Do I have to set any other service up for security?
  2. If the answer to 1. is "yes", then I can proceed to installing AMP. Do the same rules, regarding security, apply as if I was doing this on a Linux machine?
I hope my questions make sense. I admit I haven't studied much about FreeBSD, so I hope you'll direct me to the right sources for learning FreeBSD and web server set up on it. As I read, Handbook is a good place to start. What about securing the server?

Thanks in advance.
 
  1. Not if you pick bad, easily guessed, passwords for your accounts.
  2. Yes.
 
SSH connections are not blocked by default if you enable the sshd(8) service because there's no firewall enabled by default in FreeBSD. If you disable password and challenge-response authentications and force the use of public keys for authentication you have pretty much an impenetrable system as far as SSH goes. There's one important caveat, you have to take good care of your private key and make sure it can not leak under any circumstances.
 
Of course, I forgot to mention securing the root user (and all other users). :)

In the meantime, I found this thread: http://forums.freebsd.org/showthread.php?t=4108 It'll give me something to think about in the following days. I guess it is a good source to start from.

Thank you for your reply @SirDice. So, the rule is:
  1. Secure user accounts.
  2. Set PF firewall rules.
  3. Now you have secured the clean install of FreeBSD. Secure all additional services you install (SSH, Apache, MySQL, ...). Securing them is done the same way as on Linux.
I am starting to read the Handbook. ;)
 
Last edited by a moderator:
The thread you found should give you a good starting point. I think it's mentioned in that thread too but there's also security(7).
 
You must log in or register to reply here.
Back
Top