Other Security suite for FreeBSD?

Bro
Snort
Get sshguard, bruteforceblocker, etc.

One of the first two options can be used. Both could work seamlessly though. They are IDS and IPS.
 
I use security/aide, run it after the last program is installed then move the database to a USB drive, which I have only bothered to check a couple times.

I use security/rkhunter more frequently but rely more on my system not having any running services available, pf firewall and control over my clicking finger. That and the fact FreeBSD isn't vulnerable to malware targeting Windows.
 
I think the best "security suite" is the thorough configuration of all installed things: configure everything to do precisely what it is intended for and only that. Provide exact parameters, ports, hostnames, pathnames (and obviously, passwords) according to your architecture, instead of the defaults.
Use a firewall config that is not some crap copied from the web, but does allow exactly the services that are used, and only these. Make services that are rarely used switchable to be enabled only when needed.
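The "allow exactly the services that are used, and only these" advice above, written out as a FreeBSD pf ruleset. This is an added example, not a ruleset posted by anyone in this thread. The interface name (em0), the admin network, and the service list are constructed placeholders; the `<sshguard>` table is the one the security/sshguard pf backend populates by default, and `<bruteforce>` is filled by the connection-rate limit on the SSH rule.

```pf
# /etc/pf.conf, added example (not from the thread): a default-deny ruleset
# that passes only the services this host actually runs. Interface name,
# address ranges and the service list are assumptions; adjust to your host.
ext_if = "em0"
admin_net = "{ 192.0.2.0/24 }"          # constructed: where SSH logins may come from
tcp_services = "{ http, https }"        # constructed: the only public services

# sshguard (security/sshguard) with the pf backend adds offenders to this table
table <sshguard> persist
# hosts that trip the SSH connection-rate limit below land here
table <bruteforce> persist

set skip on lo0
set block-policy drop

# normalise incoming packets
scrub in all

# drop everything by default; every pass below is an explicit exception
block all
block in quick from { <sshguard>, <bruteforce> }
antispoof quick for $ext_if

# outbound traffic from this host only
pass out on $ext_if proto { tcp, udp, icmp } from ($ext_if) keep state

# public services: nothing else answers from the outside
pass in on $ext_if proto tcp from any to ($ext_if) port $tcp_services \
    flags S/SA keep state

# SSH only from the admin network, rate-limited; abusers go into <bruteforce>
pass in on $ext_if proto tcp from $admin_net to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/30, overload <bruteforce> flush global)
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, and inspect what the rate limit has caught with `pfctl -t bruteforce -T show`. Services that are rarely needed are simplest left out of rc.conf entirely and started with `service <name> onestart` when required, which is the "switchable" arrangement the post describes.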
 
I use security/clamav and run its scanner once a month manually via security/clamtk on my desktops.
I am not really keen on all its false positives but it has found several malicious files embedded inside normal looking files.
For example it found a naughty JavaScript embedded inside a PDF that I would have never caught by hand.
 
Use a firewall config that is not some crap copied from the web, but does allow exactly the services that are used, and only these.

The human bean is the weak link.

Conseal PC Firewall was a rule-based packet filter for Windows 98 and the first piece of software I loved. I still use a port 0 rule from back then and have posted my pf ruleset here before.
 
Personally I don't keep ssh open to the public with my firewall.
For my 2 instances on Linode I use security/tripwire and ssh keys with ed25519 in my instances.
Plus I change the port number from default.
Tripwire does the same work as rkhunter, AIDE and/or LYNIS. I would recommend them like many other ones mentioned above.
 
Security isn't a product you slap onto your server, it's an everlasting and ongoing process for as long as that server is operative.
 
Tripwire does the same work as rkhunter, AIDE and/or LYNIS. I would recommend them like many other ones mentioned above.
That brings back memories, some far distant (Netscape Server on Solaris 5.5 with the tripwire checksums on a read-only floppy, circa 1997), and some more recent (AIDE rolled out gratuitously to 1000+ Linux systems).

You should do the risk analysis and design before you test (and subsequently commit to) any particular solution. Testing is important, as it is likely to inform you in a very pertinent way.

Without careful configuration, the security/tripwire type applications can be incredibly noisy (to the point of being useless), especially if you patch often (as you should in a vulnerable environment).

Then you need to figure out how to automate the collection and analysis of the logs -- the usual suspects are splunk, and elasticsearch.

Without such automation, the logs will be just so much overwhelming junk to ignore. However, done well, the automated analysis will pick up anomalies you need to know about. Then the faceted search tools will let you investigate.
 