Post #6 by anomie, 5th May 2008

Quote:
Originally Posted by cajunman4life
I'd like to start a lively discussion on the methods and procedures everyone uses to "harden" their FreeBSD systems.

Desktop or server? In either case, how it's being used would determine how many hardening cycles I'd go through.

Pretty straightforward for my desktop:
  1. make sure no daemons are listening for tcp/udp connections (except maybe dhclient);
  2. search for and disable useless (to me) suid/sgid programs;
  3. enable the blackhole(4) sysctl MIBs;
  4. turn off core dumps (more because I don't want to have to look for and delete them);
  5. occasionally run the security/rkhunter app to perform some sanity checking;
  6. believe it or not, scan downloaded files with clamav;
  7. review system logs and emails;
  8. keep base system and ports updated with security fixes asap.

I actually need to run an annoying proprietary Java app that listens on all local interfaces to establish a secure connection with a system at work, so keeping in line with point #1 I run a packet filtering firewall to prevent outside connections to it. (Otherwise I probably wouldn't bother with the firewall.)
__________________
Kill your t.v.
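An added example, not part of anomie's post: a small sh audit for items 1, 3 and 4 of the list above, run against `sockstat -46l` and `sysctl` output. The function names, the sample data, the target values (tcp blackhole 2, udp blackhole 1) and the use of `kern.coredump=0` for item 4 are assumptions; the post does not say which settings were used.

```sh
#!/bin/sh
# Audit helpers for items 1, 3 and 4 of the list. Each function reads command
# output on stdin, so it works on saved output as well as on a live host.

# Item 1: print "command proto local-address" for each listener in
# `sockstat -46l` output that is not bound to loopback and is not dhclient.
exposed_listeners() {
    awk 'NR > 1 && $2 != "dhclient" {
        if ($6 ~ /^127\./ || $6 ~ /^::1:/) next
        print $2, $5, $6
    }'
}

# Items 3 and 4: compare `sysctl` output with the wanted values and print each
# MIB that differs or is missing. Wanted values are assumptions: the strictest
# blackhole(4) settings, and kern.coredump=0 to turn core dumps off.
sysctl_drift() {
    awk -F': ' '
        BEGIN { want["net.inet.tcp.blackhole"] = 2
                want["net.inet.udp.blackhole"] = 1
                want["kern.coredump"] = 0 }
        ($1 in want) { seen[$1] = 1
                       if ($2 != want[$1]) print $1 " is " $2 ", want " want[$1] }
        END { for (m in want) if (!(m in seen)) print m " not reported" }'
}

# Constructed sample input (not captured from a real host).
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS    FOREIGN ADDRESS
_dhcp    dhclient   412   5  udp4   *:68             *:*
root     sendmail   733   4  tcp4   127.0.0.1:25     *:*
user     java       1907  31 tcp4   *:8443           *:*'
SAMPLE_SYSCTL='net.inet.tcp.blackhole: 0
net.inet.udp.blackhole: 1
kern.coredump: 1'

# On a live FreeBSD host:
#   sockstat -46l | exposed_listeners
#   sysctl net.inet.tcp.blackhole net.inet.udp.blackhole kern.coredump | sysctl_drift

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_SOCKSTAT" | exposed_listeners
printf '%s\n' "$SAMPLE_SYSCTL" | sysctl_drift
```

Anything `exposed_listeners` prints is a service to disable or, like the Java app in the post, to put behind the packet filter.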