[nycbug-talk] Re:FreeBSD Newbie
Pete Wright
pete
Fri Aug 20 11:12:50 EDT 2004
freebsd wrote:
>
>I was told that "FreeBSD is secure out of the box"; is that pretty true? Are there any major services I should turn off or on now that it's "hot"?
>
>
>
The one service I would disable right off the bat is "telnet". You can
disable this in your /etc/inet.d file. If you put a # in front of the
line that looks like this:
telnet stream tcp nowait root /usr/libexec/telnetd telnetd
then reload the inet daemon like this:
$ kill -HUP `cat /var/run/inetd.pid`
(those are backticks)
as root that will disable this service. Before you do so, a little
background. Telnet, as you know, is a program that allows you to
establish a remote shell to your Unix host. There is a huge problem
with telnet tho, all data is sent over the network clear text. So, when
you log into your server anyone that can see your data will be able to
see your username and passwords unencrypted. Yikes!
So what do you do to get around this problem? You obviously want to
still be able to remotely admin your Unix server. SSH, the Secure
SHell, has all of the benefits of telnet except your data is encrypted,
making it harder for the Axis of Evil to sniff your data. SSH is part
of a default FreeBSD install, I would suggest checking out these links
for more info:
http://openssh.org/
and here is a random "primer" that I got off Google
http://www.chemistry.ohio-state.edu/compsupp/Docs/ssh_primer.html
and finally from a shell
$ man ssh
So anyway, I would become familiar with ssh before turning off
telnet; but from a security standpoint that is the first thing I do
before I start setting up any Unix host.
I hope you enjoy hacking BSD, it rocks! There are usually helpful
people on #nycbug on irc.freenode.net as well, so come by and chat!
-pete
--
~~~oO00Oo~~~
Pete Wright
email: pete at nomadlogic.org
mobile: 917.415.9866
web: www.nomadlogic.org/~pete
member: NYCBUG www.nycbug.org
New York City's BSD User Group
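
The edit described in the message above, as an added example that is not part of the original post: a POSIX sh sketch that comments out every active entry for one service in an inetd-style file, including a second tcp6 entry that a single hand edit can miss, and keeps a backup. The function names and the sample file are constructed for illustration; the file path is passed as an argument (FreeBSD's inetd reads /etc/inetd.conf by default).

```shell
#!/bin/sh
# Added example, not from the original post. All names here are hypothetical.

# Write a constructed sample in inetd.conf layout (not a real host's file).
write_sample() {
    cat > "$1" <<'EOF'
#ftp    stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
telnet  stream  tcp6    nowait  root    /usr/libexec/telnetd    telnetd
#shell  stream  tcp     nowait  root    /usr/libexec/rshd       rshd
EOF
}

# Print the number of active (uncommented) entries for service $2 in file $1.
count_active() {
    awk -v svc="$2" '$1 == svc { n++ } END { print n + 0 }' "$1"
}

# Comment out every active entry for service $2 in file $1.
# Keeps the original as $1.bak and prints how many lines were changed.
disable_service() {
    n=$(count_active "$1" "$2") || return 1
    if [ "$n" -gt 0 ]; then
        cp -p "$1" "$1.bak" || return 1
        awk -v svc="$2" '$1 == svc { print "#" $0; next } { print }' \
            "$1.bak" > "$1" || return 1
    fi
    echo "$n"
}

# Run the functions against the constructed sample in a scratch directory.
demo() {
    dir=$(mktemp -d) || return 1
    write_sample "$dir/inetd.conf"
    echo "active telnet entries before: $(count_active "$dir/inetd.conf" telnet)"
    echo "entries commented out:        $(disable_service "$dir/inetd.conf" telnet)"
    echo "active telnet entries after:  $(count_active "$dir/inetd.conf" telnet)"
    # On the real host the edit takes effect only after inetd rereads its
    # configuration, i.e. the kill -HUP step from the post, run as root.
    rm -rf "$dir"
}

demo
```

Running count_active again after the reload step is a quick way to confirm that no active telnet entry was left behind.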