Home arrow Security arrow Security Tips
Security Tips 1 PDF
Monday, 27 February 2006

Tip 1. Find all files that have read and write attributes

/usr/bin/find / -type f \( -perm -2 -o -perm -20 \) -exec ls -lg {} \;

Tip 2. Howto Check FreeBSD Active Ports
#sockstat -4
#netstat -Lan

Tip 3. FTPD chroot to a specific directory
If you want to restrict access to ftp users to a specific directory then create/edit your /etc/ftpchroot with the following content: (assuming you want to restrict user john to his /home/john directory)

# content of /etc/ftpchroot
john    /home/john    ./

After editing ftpchroot file restart your ftpd server.
/etc/rc.d/ftpd stop
/etc/rc.d/ftpd start

Tip 4. Limit your unsuccessful SSH attempts to your server

There is a freebsd port that does that: /ports/security/denyhosts/ .

# cd /ports/security/denyhosts/
# make install

This tool will add sites in your /etc/allow.hosts (with block rules). You can setup the program to release that denied hosts after a period of time. The only problem that could rise if you have a lot of ssh traffic, your /etc/hosts.allow can be very large.

There is also other program in ports, that might help you: /usr/ports/security/bruteblock.

Last Updated ( Tuesday, 20 February 2007 )

Other BSD Systems





Best BSD firewall?