Can anyone help me harden OpenBSD? Am I off to a good start with the commands below? Anything I should add?
edit /etc/rc.securelevel
Code:
sysctl kern.securelevel=2
Code:
chflags schg /bsd
chflags -R schg /bin
Code:
chflags schg /bsd
chflags schg /etc/changelist
chflags schg /etc/daily
chflags schg /etc/inetd.conf
chflags schg /etc/netstart
chflags schg /etc/pf.conf
chflags schg /etc/rc
chflags schg /etc/rc.conf
chflags schg /etc/rc.local
chflags schg /etc/rc.securelevel
chflags schg /etc/rc.shutdown
chflags schg /etc/security
chflags schg /etc/mtree/special
chflags -R schg /bin
chflags -R schg /sbin
chflags -R schg /usr/bin
chflags -R schg /usr/libexec
chflags -R schg /usr/sbin
edit etc/sysctl.conf
Code:
vm.swapencrypt.enable=1
edit /etc/rc.conf
edit /etc/inetd.conf