Τετάρτη, Οκτωβρίου 03, 2007

Securing FreeBSD ( 1 )

Login: root
password: password


# ee /usr/X11R6/bin/startx

CHANGE the following

serverargs=""
to
serverargs="-nolisten tcp"

Save and Quit [ esc a a ]



# ee /etc/mail/sendmail.cf

CHANGE the following

O DaemonPortOptions=Port=587, Name=MSA, M=E
to
#O DaemonPortOptions=Port=587, Name=MSA, M=E

Save and Quit [ esc a a ]


# killall -HUP sendmail


# ee /etc/ssh/sshd_config

CHANGE the following

#Protocol 2
to
Protocol 2

and CHANGE the following

#PermitRootLogin no
to
PermitRootLogin no

Save and Quit [ esc a a ]



# ee /etc/ttys

CHANGE the following

console none unknown off secure
to
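console none unknown off insecure

NOTE: with the console marked insecure, init asks for the root password before giving a shell in single-user mode.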

Save and Quit [ esc a a ]


# touch /var/account/acct
# accton /var/account/acct
# echo 'accounting_enable="YES"' >> /etc/rc.conf
# echo "net.inet.tcp.blackhole=2" >> /etc/sysctl.conf
# echo "net.inet.udp.blackhole=1" >> /etc/sysctl.conf
# echo "net.inet.icmp.drop_redirect=1">> /etc/sysctl.conf
# echo "net.inet.icmp.log_redirect=0">> /etc/sysctl.conf
# echo "net.inet.ip.redirect=0">> /etc/sysctl.conf
# echo "net.inet.ip.sourceroute=0">> /etc/sysctl.conf
# echo "net.inet.ip.accept_sourceroute=0">> /etc/sysctl.conf
# echo "net.inet.icmp.bmcastecho=0">> /etc/sysctl.conf
# echo "net.inet.tcp.log_in_vain=1">> /etc/sysctl.conf
# echo "net.inet.udp.log_in_vain=1">> /etc/sysctl.conf
# echo "kern.ipc.somaxconn=1024">> /etc/sysctl.conf
# echo "net.link.ether.inet.max_age=600">> /etc/sysctl.conf
# echo "net.inet.tcp.sack.enable=0" >> /etc/sysctl.conf
# echo "net.inet.ip.random_id=1" >> /etc/sysctl.conf
# echo "net.inet.ip.check_interface=1">> /etc/sysctl.conf
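# echo "net.inet.tcp.syncookies=0" >> /etc/sysctl.conf
# echo "net.inet.icmp.maskrepl=0" >> /etc/sysctl.conf

NOTE: net.inet.tcp.syncookies=0 turns off SYN cookies, which FreeBSD enables by default as a SYN-flood mitigation. On a host that accepts connections from untrusted networks, consider leaving it at the default (1).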


# ee /etc/sysctl.conf

CHANGE the following

# security.bsd.see_other_uids=0
to
security.bsd.see_other_uids=0

Save and Quit [ esc a a ]



# ee /etc/login.conf

CHANGE the following

:passwd_format=md5:\
to
:passwd_format=blf:\

Save and Quit [ esc a a ]


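# cap_mkdb /etc/login.conf
# passwd username
# more /etc/master.passwd

NOTE: existing password hashes are not converted automatically. Run passwd for each account (replace "username") so the password is re-hashed with Blowfish, then check in /etc/master.passwd that the hash field now starts with $2.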


# ee /etc/auth.conf

CHANGE the following

crypt_default = md5
to
crypt_default = blf

Save and Quit [ esc a a ]



Secure rc.conf

# ee /etc/rc.conf

ADD or CHANGE the following

sendmail_enable="NO"
nfs_server_enable="NO"
nfs_client_enable="NO"
portmap_enable="NO"
update_motd="NO"
inetd_enable="NO"
clear_tmp_enable="YES"
accounting_enable="YES"
fsck_y_enable="YES"
syslogd_enable="YES"
syslogd_flags="-ss"


# reboot




Τρίτη, Οκτωβρίου 02, 2007

OpenBSD : Updating and building your system and kernel

Login: root
password: password

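# export PKG_PATH=ftp://filoktitis.noc.uoa.gr/pub/OpenBSD/4.1/packages/i386/
# pkg_add -v cvsup-16.1hp0-no_x11.tgz
# pkg_add -v ee-1.4.6p1.tgz

NOTE: packages fetched over plain FTP are not protected against tampering in transit, so use a mirror and network path you trust.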

# cd /usr
# ee cvsup-file-src

Write the following

# Defaults that apply to all the collections
*default release=cvs
*default delete use-rel-suffix
*default umask=002
*default host=anoncvs2.de.openbsd.org
*default base=/usr
*default prefix=/usr
*default tag=OPENBSD_4_1

# If your network link is a T1 or faster, comment out the following line.
# *default compress

#OpenBSD-ports
#OpenBSD-all
OpenBSD-src
#OpenBSD-www
#OpenBSD-x11
#OpenBSD-xf4
#OpenBSD-xenocara


Save and Quit [ esc a a ]

# cvsup -g -L 2 cvsup-file-src
# cp /bsd /bsd.old
# cd /usr/src/sys/arch/i386/conf/
# config GENERIC
# cd /usr/src/sys/arch/i386/compile/GENERIC/
# make clean && make depend && make && make install
# reboot

Login: root
password: password

# rm -rf /usr/obj/*
# cd /usr/src
# make obj
# cd /usr/src/etc && env DESTDIR=/ make distrib-dirs
# cd /usr/src
# make build

# cd /usr/
# ee cvsup-file-ports

Write the following

# Defaults that apply to all the collections
*default release=cvs
*default delete use-rel-suffix
*default umask=002
*default host=anoncvs2.de.openbsd.org
*default base=/usr
*default prefix=/usr
*default tag=OPENBSD_4_1

# If your network link is a T1 or faster, comment out the following line.
# *default compress

OpenBSD-ports
#OpenBSD-all
#OpenBSD-src
#OpenBSD-www
#OpenBSD-x11
#OpenBSD-xf4
#OpenBSD-xenocara


Save and Quit [ esc a a ]

# cvsup -g -L 2 cvsup-file-ports
# cd /usr/ports/infrastructure/build/
# ./out-of-date

# cd /usr
# ee cvsup-file-xf4

Write the following

# Defaults that apply to all the collections
*default release=cvs
*default delete use-rel-suffix
*default umask=002
*default host=anoncvs2.de.openbsd.org
*default base=/usr
*default prefix=/usr
*default tag=OPENBSD_4_1

# If your network link is a T1 or faster, comment out the following line.
# *default compress

#OpenBSD-ports
#OpenBSD-all
#OpenBSD-src
#OpenBSD-www
#OpenBSD-x11
OpenBSD-xf4
#OpenBSD-xenocara

Save and Quit [ esc a a ]

# cvsup -g -L 2 cvsup-file-xf4

# export PKG_PATH=ftp://filoktitis.noc.uoa.gr/pub/OpenBSD/4.1/packages/i386/
# pkg_add -v tk-8.4.7p1.tgz

# rm -rf /usr/Xbld
# mkdir -p /usr/Xbld
# cd /usr/Xbld
# lndir ../XF4
# make build
# reboot

Login: root
password: password

# find /usr/ports/ -name opera
# cd /usr/ports/www/opera/
# make update