Τετάρτη, Οκτωβρίου 03, 2007

Securing FreeBSD ( 1 )

Login: root
password: password


# ee /usr/X11R6/bin/startx

CHANGE the following

serverargs=""
to
serverargs="-nolisten tcp"

Save and Quit [ esc a a ]



# ee /etc/mail/sendmail.cf

CHANGE the following

O DaemonPortOptions=Port=587, Name=MSA, M=E
to
#O DaemonPortOptions=Port=587, Name=MSA, M=E

Save and Quit [ esc a a ]


# killall -HUP sendmail


# ee /etc/ssh/sshd_config

CHANGE the following

#Protocol 2
to
Protocol 2

and CHANGE the following

#PermitRootLogin no
to
PermitRootLogin no

Save and Quit [ esc a a ]



# ee /etc/ttys

CHANGE the following ("insecure" makes init ask for the root password before it enters single-user mode)

console none unknown off secure
to
console none unknown off insecure

Save and Quit [ esc a a ]


# touch /var/account/acct
# accton /var/account/acct
# echo 'accounting_enable="YES"' >> /etc/rc.conf
# echo "net.inet.tcp.blackhole=2" >> /etc/sysctl.conf
# echo "net.inet.udp.blackhole=1" >> /etc/sysctl.conf
# echo "net.inet.icmp.drop_redirect=1">> /etc/sysctl.conf
# echo "net.inet.icmp.log_redirect=0">> /etc/sysctl.conf
# echo "net.inet.ip.redirect=0">> /etc/sysctl.conf
# echo "net.inet.ip.sourceroute=0">> /etc/sysctl.conf
# echo "net.inet.ip.accept_sourceroute=0">> /etc/sysctl.conf
# echo "net.inet.icmp.bmcastecho=0">> /etc/sysctl.conf
# echo "net.inet.tcp.log_in_vain=1">> /etc/sysctl.conf
# echo "net.inet.udp.log_in_vain=1">> /etc/sysctl.conf
# echo "kern.ipc.somaxconn=1024">> /etc/sysctl.conf
# echo "net.link.ether.inet.max_age=600">> /etc/sysctl.conf
# echo "net.inet.tcp.sack.enable=0 ">> /etc/sysctl.conf
# echo "net.inet.ip.random_id=1" >> /etc/sysctl.conf
# echo "net.inet.ip.check_interface=1">> /etc/sysctl.conf
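# echo "net.inet.tcp.syncookies=0">> /etc/sysctl.conf
# echo "net.inet.icmp.maskrepl=0">> /etc/sysctl.conf

NOTE: net.inet.tcp.syncookies=0 switches SYN cookies off. SYN cookies are a SYN-flood mitigation, so check that you really want this value before you keep the line.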


# ee /etc/sysctl.conf

CHANGE the following

# security.bsd.see_other_uids=0
to
security.bsd.see_other_uids=0

Save and Quit [ esc a a ]



# ee /etc/login.conf

CHANGE the following

:passwd_format=md5:\
to
:passwd_format=blf:\

Save and Quit [ esc a a ]


# cap_mkdb /etc/login.conf
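# passwd username
(existing password hashes are not converted by the change above; run passwd for each account so that its password is hashed again with Blowfish)
# more /etc/master.passwd
(the new hash for that account should start with $2 instead of $1)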


# ee /etc/auth.conf

CHANGE the following

crypt_default = md5
to
crypt_default = blf

Save and Quit [ esc a a ]



Secure rc.conf

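# ee /etc/rc.conf

SET the following (add each line, or change it if it is already present; syslogd_flags="-ss" keeps syslogd from opening any network socket)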

sendmail_enable="NO"
nfs_server_enable="NO"
nfs_client_enable="NO"
portmap_enable="NO"
update_motd="NO"
inetd_enable="NO"
clear_tmp_enable="YES"
accounting_enable="YES"
fsck_y_enable="YES"
syslogd_enable="YES"
syslogd_flags="-ss"


# reboot



