Re: security of a new installation / steps to take

2008-02-21 Thread Olivier Nicole
Hi, To all the things that follow (sorry about top reply) I'd add a clever configuration of tcpwrapper (/etc/hosts.allow) whenever it is possible: allows to open a service to a list of given clients only. It is just another layer of security. Olivier So far I have had FreeBSD systems only in

Re: security of a new installation / steps to take

2008-02-20 Thread Schiz0
On Feb 20, 2008 11:02 AM, Zbigniew Szalbot [EMAIL PROTECTED] wrote: Dear all, In a matter of weeks we will be moving our office server replacing it with a dedicated server machine functioning at an ISP's location. I have spoken to them and they use Fedora so they won't be able to help me

Re: security of a new installation / steps to take

2008-02-20 Thread Bill Moran
On Wed, 20 Feb 2008 17:02:22 +0100 Zbigniew Szalbot [EMAIL PROTECTED] wrote: In a matter of weeks we will be moving our office server replacing it with a dedicated server machine functioning at an ISP's location. I have spoken to them and they use Fedora so they won't be able to help me much

Re: security of a new installation / steps to take

2008-02-20 Thread Zbigniew Szalbot
Hello, 2008/2/20, Matthew Seaman [EMAIL PROTECTED]: Make sure you track [EMAIL PROTECTED] and apply any system patches in a timely manner. Also make full use of portaudit(1) and generally ensure that you are running up to date versions of any ported software. Thaaanks! Ah... this brings

Re: security of a new installation / steps to take

2008-02-20 Thread Matthew Seaman
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Zbigniew Szalbot wrote: So far I have had FreeBSD systems only in office so I used my hardware firewall (Dlink DFL 700) to block access to services on ports 22, etc. Now, at the ISP I won't be able to do this so I will need to be a lot more

Re: security of a new installation / steps to take

2008-02-20 Thread Jerry McAllister
On Wed, Feb 20, 2008 at 05:22:02PM +, Matthew Seaman wrote: This is a very nice summary. I will steal it and post it on the wall in our cube-maze hallway. Thanks, jerry -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Zbigniew Szalbot wrote: So far I have had FreeBSD systems

Re: security of a new installation / steps to take

2008-02-20 Thread Matthew Seaman
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Zbigniew Szalbot wrote: Hello, 2008/2/20, Matthew Seaman [EMAIL PROTECTED]: Make sure you track [EMAIL PROTECTED] and apply any system patches in a timely manner. Also make full use of portaudit(1) and generally ensure that you are

Re: security of a new installation / steps to take

2008-02-20 Thread Paul Schmehl
--On Wednesday, February 20, 2008 17:22:02 + Matthew Seaman [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Zbigniew Szalbot wrote: So far I have had FreeBSD systems only in office so I used my hardware firewall (Dlink DFL 700) to block access to services on