doc/es/security/secure.sgml
Hiroki Sato de3f531874 www cleanup mega commit:
- Move includes.nav*.sgml to share/sgml/navibar.ent and
   <lang>/share/sgml/navibar.l10n.ent.

 - Move includes.sgml and includes.xsl to
   share/sgml/common.ent, share/sgml/header.ent, <lang>/share/sgml/l10n.ent,
   and <lang>?share/sgml/header.l10n.ent.

 - Move most of XSLT libraries to share/sgml/*.xsl and
   <lang>/share/sgml/*.xsl.

 - Move news.xml and other *.xml files for the similar purpose
   to share/sgml/*.xml and <lang>/share/sgml/*.xml.

 - Switch to use a custom DTD for HTML document.  Now we use
   "-//FreeBSD//DTD HTML 4.01 Transitional-Based Extension", which is
   HTML 4.01 + some entities previously pulled via
   "<!ENTITY % includes SYSTEM "includes.sgml"> %includes;" line.
   The location of entity file will be resolved by using catalog file.

 - Add DOCTYPE declaration to XML documents.  This makes the following
   possible:

   * Use of &foo; entities for SGML in an XML file instead of defining
     {$foo} as the same content.

   * &symbolic; entities for Latin characters.

 - Duplicated information between SGML and XML, or English and
   translated doc, has been removed as much as possible.
2006-08-19 21:22:38 +00:00

60 lines
2.8 KiB
Text

<!DOCTYPE HTML PUBLIC "-//FreeBSD//DTD HTML 4.01 Transitional-Based Extension//EN" [
<!ENTITY base CDATA "..">
<!ENTITY date "$FreeBSD: www/es/security/secure.sgml,v 1.3 2005/10/04 07:56:23 murray Exp $">
<!ENTITY title "How to secure a FreeBSD system">
<!ENTITY % navinclude.support "INCLUDE">
]>
<!-- $FreeBSD: www/es/security/secure.sgml,v 1.3 2005/10/04 07:56:23 murray Exp $ -->
<html>
&header;
There are several steps involved in securing a FreeBSD system, or in
fact any UNIX system:
<UL>
<LI>disabling potentially dangerous software<BR>
A lot of software has to run as a special privileged user to make use
of specific resources, which is done by making
the executable set-uid. Examples are UUCP or PPP
software that uses a serial port, or sendmail, which has to write
to the mail spool and bind to a network port. When you are not using
UUCP, it is of little use to have the software on your system and it may
be wise to disable it. Of course, this requires good knowledge of what
can be thrown away and what cannot, as well as a good indication of whether
or not you will want the functionality in the future.<BR>
You may also find that some utilities, like swapinfo, are not useful enough
to keep around and pose a possible security risk. If you remove
the set-uid bit from the executable (via <TT>chmod ug-s filename</TT>) you
can still use swapinfo when you are root. It is, however,
not a good idea to strip so many s-bits that you have to be root all
the time.<BR>
Do not only remove programs that you don't use; also remove services you
don't want or need to provide. This can be done by editing the
<TT>/etc/inetd.conf</TT> file and commenting out all services you
don't use.
<LI>fixing software with security bugs<BR>
Subscribe to mailing lists to get updates on security bugs in
software and to get the fixes. Apply them immediately.
<LI>checking your system on a regular basis<BR>
With programs like COPS and SATAN you can find gaping holes and
misconfigurations on your system. It is a good idea to run them
occasionally to see if you have made any mistakes.<BR>
Also check the daily security report that FreeBSD sends to root. Check
the log files once in a while. Clean up unused accounts.
<LI>being able to repair your system when security has been breached<BR>
Always have backups and a clean version of the operating system (e.g. on
CD-ROM).
<LI>installing software that watches the system<BR>
Programs like the TCP wrapper (a package with FreeBSD) and tripwire help you
monitor activity on your system. This makes it easier to detect
break-ins.
<LI>educating the people working on the system<BR>
Users should know what they are doing and, for example, use hard-to-guess
passwords. Let them understand that the security of the system is partly
in their hands.
</UL>
&footer
</body>
</html>
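
The following sh helpers are an added example, not part of the FreeBSD page or project: they list the set-uid/set-gid executables and the services still enabled in an inetd.conf-style file, the two things the first list item says to review. The function names and the sample inetd.conf lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: review helpers for "disabling potentially dangerous software".

# Print every regular file under directory $1 that has the set-uid (4000) or
# set-gid (2000) bit set. Each hit is a candidate for "chmod ug-s" if the
# program is not needed by unprivileged users. -xdev stays on one filesystem.
list_sbit_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Print "service user program" for each service that is still enabled (not
# commented out) in the inetd.conf-style file $1.
# Fields per line: service, socket type, protocol, wait flag, user, program, args.
enabled_inetd_services() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1, $5, $6 }' "$1"
}

# Demo on constructed input (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
#telnet stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
finger  stream  tcp     nowait  nobody  /usr/libexec/fingerd    fingerd -s
EOF
echo "Services still enabled (service user program):"
enabled_inetd_services "$sample"
rm -f "$sample"
```

Saving the output of `list_sbit_files` for a directory such as `/usr` and comparing it between runs shows when a new set-uid file has appeared.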