Update
@ -9,6 +9,17 @@ colorlinks: true
|
||||
toc: true
|
||||
toc-own-page: true
|
||||
titlepage: true
|
||||
header-includes:
|
||||
- |
|
||||
```{=latex}
|
||||
\usepackage{awesomebox}
|
||||
```
|
||||
pandoc-latex-environment:
|
||||
noteblock: [note]
|
||||
tipblock: [tip]
|
||||
warningblock: [warning]
|
||||
cautionblock: [caution]
|
||||
importantblock: [important]
|
||||
...
|
||||
|
||||
# Introduction
|
||||
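Review bot: The new `header-includes` and `pandoc-latex-environment` front-matter keys add two build prerequisites that this hunk does not document: the `awesomebox` LaTeX package and the pandoc-latex-environment filter, which must be passed to pandoc (for example `--filter pandoc-latex-environment`) before the `noteblock`/`warningblock` mappings do anything. Without the filter, pandoc ignores the mapping and `note` or `warning` divs come out as ordinary paragraphs, so the build still succeeds and the omission is easy to miss. Please state the required packages and the build command in the Introduction or a README.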
@ -59,9 +70,9 @@ done;
|
||||
```
|
||||
|
||||
|
||||
# Chapter1. Patches and basic firewall
|
||||
# Chapter 1. Patches and basic firewall
|
||||
|
||||
## Apply the latest OS patches
|
||||
## 1.1. Apply the latest OS patches
|
||||
|
||||
*Action:*
|
||||
|
||||
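Review bot: The headings at `# Chapter 1. Patches and basic firewall` and `## 1.1. Apply the latest OS patches` now carry hand-written numbers, which must be renumbered manually whenever a section is inserted or moved, and which will appear twice if pandoc's `--number-sections` is ever turned on. Since the document already relies on pandoc for `toc: true`, consider keeping the titles unnumbered and letting pandoc generate the numbering.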
@ -81,7 +92,7 @@ freebsd-update install
|
||||
If output says `Run 'freebsd-update [options] fetch' first`, you will
|
||||
*NOT* need to reboot again your server.
|
||||
|
||||
## Enable SSH
|
||||
## 1.2. Enable SSH
|
||||
|
||||
*Action:*
|
||||
|
||||
@ -97,13 +108,13 @@ this package when the server starts. It will generate the first start
|
||||
of SSH the server public keys.
|
||||
|
||||
|
||||
## Enable Firewall
|
||||
## 1.3. Enable Firewall
|
||||
|
||||
TODO: Do / Or not ? `pf` or `ipfw` ?
|
||||
|
||||
# Chapter 2. Minimise boot services
|
||||
|
||||
## Set password on single user consoles
|
||||
## 2.1. Set password on single user consoles
|
||||
|
||||
*Action:*
|
||||
|
||||
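Review bot: Section `## 1.3. Enable Firewall` is given a number and a table-of-contents entry while its entire body is still `TODO: Do / Or not ? pf or ipfw ?`. The chapter title promises a "basic firewall", so a reader following the guide ends Chapter 1 with SSH enabled and no packet filter guidance. Either settle the `pf` versus `ipfw` choice and write the section, or move the open question to an issue and mark the section as pending in the text so it is not mistaken for a completed step.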
@ -124,7 +135,7 @@ will need to have a root password set, otherwise and in case of failure to boot
|
||||
your system will be lost (for example, if root access can be given _only_ with
|
||||
`sudo` or `doas`).
|
||||
|
||||
## Set daemon umask
|
||||
## 2.2. Set daemon umask
|
||||
|
||||
*Action:*
|
||||
|
||||
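Review bot: The lockout caveat in the context lines above `## 2.2. Set daemon umask` (a root password must be set, or the system is lost when root access is only given through `sudo` or `doas`) is still an ordinary paragraph, although this commit adds `warningblock: [warning]` to the front matter. This is the one statement in the section a reader must not skip, so it is a good candidate for a `warning` div. While editing it, "otherwise and in case of failure to boot your system will be lost" would read more clearly as two clauses.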
@ -144,13 +155,13 @@ current `umask` settings. To modify any `umask` setting which differs from the a
|
||||
sed -i .pre -e 's/XXX/022/g' FILE
|
||||
```
|
||||
|
||||
Where `XXX` is the current umask setting and `FILEi` is the file with the offending `umask` setting.
|
||||
Where `XXX` is the current umask setting and `FILE` is the file with the offending `umask` setting.
|
||||
|
||||
## Prevent `syslogd` from accepting messages from the network
|
||||
## 2.3. Prevent `syslogd` from accepting messages from the network
|
||||
|
||||
*Question:*
|
||||
|
||||
/Is this machine a log server or does it, for any reason, need to receive messages from other machines over the network?/
|
||||
Is this machine a log server or does it, for any reason, need to receive messages from other machines over the network?
|
||||
|
||||
*Action:*
|
||||
|
||||
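Review bot: The command `sed -i .pre -e 's/XXX/022/g' FILE` replaces every occurrence of the three digits in the file, not only the `umask` value, so a current setting such as `027` would also rewrite any unrelated `027` elsewhere in that file. Anchor the expression on the keyword, for example `s/umask XXX/umask 022/`, and suggest comparing the result against the `.pre` backup that `-i .pre` leaves behind. The `FILEi` to `FILE` correction in the sentence below it looks right.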
@ -168,11 +179,11 @@ The current action disable *also* the ability to send syslog into a central serv
|
||||
sysrc syslogd_flags="-s"
|
||||
```
|
||||
|
||||
## Disable `sendmail` server if possible
|
||||
## 2.4. Disable `sendmail` server if possible
|
||||
|
||||
*Question:*
|
||||
|
||||
/Is this server is an email server or relay for others hosts on the network or over in the Internet?/
|
||||
Is this server is an email server or relay for others hosts on the network or over in the Internet?
|
||||
|
||||
*Action:*
|
||||
|
||||
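Review bot: The sentence in the hunk header says the action also disables sending syslog to a central server, but the command shown is `sysrc syslogd_flags="-s"`. Per syslogd(8), a single `-s` only stops the daemon from accepting messages from remote machines; it is `-ss` that opens no network socket at all and thereby also disables logging to remote hosts. Please align the sentence with the flag, or the flag with the sentence. Separately, the rewritten question line still reads "Is this server is an email server or relay for others hosts on the network or over in the Internet?"; it should drop the second "is" and use "other hosts" and "on the Internet".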
@ -189,3 +200,6 @@ FreeBSD offers the ability to disable `sendmail` from listening for remote netwo
|
||||
Notice if you need to forward local mail into a central hub, you can use the `dma` agent on FreeBSD 14+ or use `mail/ssmtp` package instead.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
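Review bot: The hunk header `-189,3 +200,6` shows three lines added after the `dma` / `mail/ssmtp` sentence, and the only visible additions are empty lines at the end of the file. Trailing blank lines add noise to later diffs; please drop them so the file ends with a single newline.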