Favorite Security Tweaks

[mianwright]

I have really enjoyed this forum and I think PC-BSD is great. I have been playing around with FreeBSD for over a year and PC-BSD is a great leap forward in simplicity and style. Well done everyone.

I am running OpenBSD on another box that I have but the community of support is just not as strong as FreeBSD. I would like to think that my FreeBSD box is locked down as tight as my OpenBSD but I know that's not true. I also wonder if Kris has disabled everything that the typical desktop user wouldn't use that might be a security issue.

My question to y'all is: what are your favorite security tweaks? What do I need to turn off? I don't need a webserver, ftp, mail server, none of it. Your thoughts would be much appreciated.

Ian

[Charles]

I like to recompile kernel with ipfw.

[mianwright]

cool. That is exactly what I was curious about. Isn't that the same firewall that comes standard on the Mac OSX? Do you use a GUI? I also disabled inetd and sendmail on OpenBSD but I am not sure their status in PC-BSD.

[antik]

Originally Posted by mianwright

cool. That is exactly what I was curious about. Isn't that the same firewall that comes standard on the Mac OSX? Do you use a GUI? I also disabled inetd and sendmail on OpenBSD but I am not sure their status in PC-BSD.

You can read /etc/defaults/rc.conf file to disable default values DO NOT EDIT! Please add disable linest to /etc/rc.conf for this.

[mianwright]

From what I read in rc.conf. inetd is not enabled.
Sendmail is not enabled either but I did find this. sendmail_outbound_enable="YES" running.
I am curious if this is the default setup on FreeBSD or did Kris tweak these?
is "outbound" a security risk?