[nycbug-talk] FreeBSD security document & tool. . .

steverieger steve
Fri Feb 18 08:37:14 EST 2005


To be honest with you

I have this exact issue with the fbsd folks (the developers not the users)

On my other os, I always mount /usr as read only, and all my sql and apache
stuff goes elswhere, but the default fbsd setup puts the apache rootdir in
/usr/local/www and sometimes the /var slice is a bit small to handle all my
databases. 

But for any decent sys admin I recommend to always mount /usr as
ro,nosuid,logging




My .02C




On 2/17/05 9:46 PM, "G. Rosamond" <george at sddi.net> wrote:

> There's a great security document and tool available for a number of
> OSs, including FreeBSD, at www.cisecurity.org
> 
> I'm going through the doc right now, which documents the tool's
> procedures. . . some looks pretty basic (disabling anonymous ftp) but
> some is very interesting (making sure no dot files are world
> writeable).
> 
> Highly recommended.
> 
> I'm going to run on my FBSD 5.3 workstation now, and maybe tryout on a
> less-than-mission-critical server tomorrow . . .
> 
> George
> 
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
> 






More information about the talk mailing list