I wanted to harden my FreeBSD install so I searched the web but found nothing useful. The only wiki that I found was this https://wiki.ghostbsd.org/index.php/Security.
I have added the following lines to /etc/sysctl.conf.
Code:
hw.kbd.keymap_restrict_change=4
kern.sugid_coredump=0
net.inet.icmp.bmcastecho=0
net.inet.icmp.drop_redirect=1
net.inet.ip.accept_sourceroute=0
net.inet.ip.check_interface=1
net.inet.ip.forwarding=0
net.inet.ip.process_options=0
net.inet.ip.random_id=1
net.inet.ip.redirect=0
net.inet.ip.sourceroute=0
net.inet.tcp.always_keepalive=0
net.inet.tcp.blackhole=2
net.inet.tcp.drop_synfin=1
net.inet.tcp.icmp_may_rst=0
net.inet.tcp.nolocaltimewait=1
net.inet.tcp.path_mtu_discovery=0
net.inet.udp.blackhole=1
net.inet6.icmp6.rediraccept=0
net.inet6.ip6.forwarding=0
net.inet6.ip6.fw.enable=1
net.inet6.ip6.redirect=0
I haven't yet added these, fearing breakage.
Code:
# The settings below will change the user experience
security.bsd.hardlink_check_gid=1
security.bsd.hardlink_check_uid=1
security.bsd.see_other_gids=0
security.bsd.see_other_uids=0
security.bsd.stack_guard_page=1
security.bsd.unprivileged_proc_debug=0
security.bsd.unprivileged_read_msgbuf=0
I tried to find out what each of these lines actually does by searching for them using multiple search engines, but unfortunately didn't find any useful information.

Q1) If anyone can tell me what the function of these lines is, it will be awesome. I know there are quite a few of them, so it's going to require some effort and patience.

Q2) The lines below the heading "The settings below will change the user experience": what do these lines do, and what kind of change in user experience can I expect? I have only one desktop at home. I don't have a separate test machine where I can experiment.

Q3) If you know about any other security tweaks that are not mentioned in that wiki, please tell me about them.

Note: My primary goal is to enhance network security. Local security is secondary for me.
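Since the post mentions having no test machine, here is an added example (not from the thread or the wiki) that makes the change reversible: a POSIX sh script that compares the desired sysctl.conf lines against a snapshot of the current values and reports each OID as SAME, DRIFT or MISSING without applying anything. It assumes the snapshot is in `oid=value` form, which `sysctl -e` produces on FreeBSD; the sample files in the comments are constructed for illustration.

```shell
#!/bin/sh
# sysctl_drift DESIRED_FILE SNAPSHOT_FILE
#   DESIRED_FILE  : sysctl.conf-style lines (oid=value, # comments allowed)
#   SNAPSHOT_FILE : current values, one "oid=value" per line, e.g. taken with
#       sysctl -e $(awk -F= '!/^#/ && NF {print $1}' desired.conf) > before.txt
# Prints one status line per desired OID and returns 0 only when every OID
# is present in the snapshot with the desired value. Nothing is modified,
# and the snapshot doubles as the file to restore from if something breaks.
sysctl_drift() {
    desired=$1
    snapshot=$2
    drift=0
    while IFS= read -r line || [ -n "$line" ]; do
        # strip whitespace, then skip blank lines and comments
        line=$(printf '%s' "$line" | tr -d ' \t')
        case $line in ''|\#*) continue ;; esac
        oid=${line%%=*}
        want=${line#*=}
        # exact-name lookup (dots in OIDs would be wildcards to grep)
        cur=$(awk -F= -v k="$oid" '$1 == k { print "=" $2; exit }' "$snapshot")
        if [ -z "$cur" ]; then
            printf 'MISSING %s desired=%s\n' "$oid" "$want"
            drift=$((drift + 1))
        elif [ "${cur#=}" = "$want" ]; then
            printf 'SAME    %s %s\n' "$oid" "$want"
        else
            printf 'DRIFT   %s desired=%s current=%s\n' "$oid" "$want" "${cur#=}"
            drift=$((drift + 1))
        fi
    done < "$desired"
    [ "$drift" -eq 0 ]
}

# Run as a command: ./sysctl_drift.sh desired.conf before.txt
if [ "$#" -eq 2 ]; then
    sysctl_drift "$1" "$2"
fi
```

Rerunning it after a reboot shows which lines actually took effect and which ones the system reset, which is the quickest way to spot a setting that silently failed to apply.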