This guide attempts to document some of the tips and tricks used by many FreeBSD security experts for securing systems and writing secure code. It is designed to help you learn about the various ways of protecting a FreeBSD system against outside attacks and how to recover from such attacks if and when they should happen. It also lists the various ways in which systems programmers can become more security conscious, so that they are less likely to introduce security holes in the first place.
We welcome your comments on the contents and correctness of this page. Please send email to the FreeBSD Security Officers if you have changes you'd like to see here.
FreeBSD takes security seriously: a dedicated team of security officers provides a focal point for security-related communications. The security officers' main task is to send out advisories when there are known security holes and otherwise to keep abreast of security issues. The security officers also communicate with the various CERT and FIRST teams around the world, sharing information about vulnerabilities in FreeBSD or utilities commonly used by FreeBSD, and keeping up to date on security issues in the world at large. The security officers are also active members of those organizations.
When you need to contact the security officers about a sensitive matter, please use their PGP key to encrypt your message before sending it.
The FreeBSD security officers provide security advisories for the following releases of FreeBSD:
Older releases will not be actively maintained and users are strongly encouraged to upgrade to one of the supported releases.
An advisory will be sent out when a security hole is either being actively abused (as indicated to us via reports from end users or CERT-like organizations) or is public knowledge (e.g. because a report has been posted to a public mailing list).
Like all development efforts, security fixes are first brought into the FreeBSD-current branch. After a couple of days and some testing, the fix is retrofitted into the supported FreeBSD-stable branch(es) and an advisory is then sent out.
Advisories are sent to the following FreeBSD mailing lists:
Advisories are always signed using the FreeBSD security officer PGP key and are archived, along with their associated patches, at our FTP CERT repository. At the time of this writing, the following advisories are available:
If you want to stay up to date on FreeBSD security, you can subscribe to one of the following mailing lists:
     freebsd-security                General security related discussion
     freebsd-security-notification   Security notifications (moderated mailing list)
Send mail to majordomo@FreeBSD.ORG with
     subscribe <listname>  [<optional address>]
in the body of the message in order to subscribe yourself.
Other questions you may ask yourself are:
There are several steps involved in securing a FreeBSD system, or in fact, any UNIX system: