[nycbug-talk] FreeBSD security document & tool. . .
steverieger
steve
Fri Feb 18 08:37:14 EST 2005
To be honest with you
I have this exact issue with the fbsd folks (the developers not the users)
On my other os, I always mount /usr as read only, and all my sql and apache
stuff goes elswhere, but the default fbsd setup puts the apache rootdir in
/usr/local/www and sometimes the /var slice is a bit small to handle all my
databases.
But for any decent sys admin I recommend to always mount /usr as
ro,nosuid,logging
My .02C
On 2/17/05 9:46 PM, "G. Rosamond" <george at sddi.net> wrote:
> There's a great security document and tool available for a number of
> OSs, including FreeBSD, at www.cisecurity.org
>
> I'm going through the doc right now, which documents the tool's
> procedures. . . some looks pretty basic (disabling anonymous ftp) but
> some is very interesting (making sure no dot files are world
> writeable).
>
> Highly recommended.
>
> I'm going to run on my FBSD 5.3 workstation now, and maybe tryout on a
> less-than-mission-critical server tomorrow . . .
>
> George
>
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
>
More information about the talk
mailing list