Other Security suite for FreeBSD?

Lamia

Well-Known Member

Reaction score: 54
Messages: 337

Bro
Snort
Get sshguard, bruteforceblocker, etc.

One of the first two options can be used. Both could work seamlessly though. They are IDS and IPS.
 

Trihexagonal

Daemon

Reaction score: 979
Messages: 1,629

I use security/aide, run it after the last program is installed then move the database to a USB drive, which I have only bothered to check a couple times.

I use security/rkhunter more frequently but rely more on my system not having any running services available, pf firewall and control over my clicking finger. That and the fact FreeBSD isn't vulnerable to malware targeting Windows.
 

PMc

Aspiring Daemon

Reaction score: 173
Messages: 505

I think the best "security suite" is the thorough configuration of all installed things: configure everything to do precisely what it is intended for and only that. Provide exact parameters, ports, hostnames, pathnames (and obviously, passwords) according to your architecture, instead of the defaults.
Use a firewall config that is not some crap copied from the web, but does allow exactly the services that are used, and only these. Make services that are rarely used switchable to be enabled only when needed.
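
Added example, not part of the thread or any poster's own tooling: one way to check that a host exposes exactly the services that are meant to be used is to compare its listening sockets against an explicit allowlist. It assumes the classic seven-column layout of `sockstat -4 -6 -l` output; the sample output, addresses and allowlist are constructed for illustration.

```python
import re

# Constructed sample of `sockstat -4 -6 -l` output (not taken from the thread).
SAMPLE = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   3  tcp4   192.0.2.10:2222       *:*
root     sshd       812   4  tcp6   *:2222                *:*
www      nginx      930   6  tcp4   *:443                 *:*
root     sendmail   701   5  tcp4   127.0.0.1:25          *:*
root     syslogd    655   7  udp4   *:514                 *:*
mysql    mysqld     1002  22 tcp4   *:3306                *:*
"""

# Hypothetical allowlist: (command, protocol, port) -> addresses it may bind to.
# "*" means a wildcard bind is acceptable for that service.
ALLOWED = {
    ("sshd", "tcp", 2222): {"192.0.2.10"},
    ("nginx", "tcp", 443): {"*"},
    ("sendmail", "tcp", 25): {"127.0.0.1"},
}

def parse_listeners(text):
    """Yield (command, proto, address, port) for each listening socket line."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or f[0] == "USER":
            continue  # header, blank or truncated line
        addr, _, port = f[5].rpartition(":")  # rpartition keeps IPv6 colons in addr
        if not port.isdigit():
            continue
        proto = re.sub(r"[46]+$", "", f[4])  # tcp4/tcp6/tcp46 -> tcp
        yield f[1], proto, addr, int(port)

def audit(text, allowed=ALLOWED):
    """Return findings: listeners not allowlisted, or bound wider than intended."""
    findings = []
    for cmd, proto, addr, port in parse_listeners(text):
        ok_addrs = allowed.get((cmd, proto, port))
        if ok_addrs is None:
            findings.append(("unexpected", cmd, proto, addr, port))
        elif "*" not in ok_addrs and addr not in ok_addrs:
            findings.append(("too-wide", cmd, proto, addr, port))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

On a live host the same functions can be fed the captured output of `sockstat -4 -6 -l`; each finding is either a service to disable or a bind address to tighten, and the allowlist doubles as the list of ports the firewall should pass.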
 

Phishfry

Son of Beastie

Reaction score: 1,504
Messages: 4,347

I use security/clamav and run its scanner once a month manually via security/clamtk on my desktops.
I am not really keen on all its false positives but it has found several malicious files embedded inside normal looking files.
For example, it found a naughty JavaScript embedded inside a PDF that I would have never caught by hand.
 

Trihexagonal

Daemon

Reaction score: 979
Messages: 1,629

"Use a firewall config that is not some crap copied from the web, but does allow exactly the services that are used, and only these."
The human bean is the weak link.

Conseal PC Firewall was a rule-based packet filter for Windows98 and the first piece of software I loved. I still use a port 0 rule from back then and have posted my pf ruleset here before.
 

bookwormep

Well-Known Member

Reaction score: 163
Messages: 292

I would echo all that was mentioned above, adding only: keep back-ups of your configuration files and data files. (You can recover from back-ups.)
 

Lamia

Well-Known Member

Reaction score: 54
Messages: 337

Personally I don't keep ssh open to the public with my firewall.
For my 2 instances on Linode I use security/tripwire and ssh keys with ed25519 in my instances.
Plus I change the port number from default.
Tripwire does the same work as rkhunter, AIDE and/or LYNIS. I would recommend them like many other ones mentioned above.
 

ShelLuser

Son of Beastie

Reaction score: 1,745
Messages: 3,564

Security isn't a product you slap onto your server; it's an everlasting and ongoing process for as long as that server is operative.
 