RE: Newbie: OpenBSD security

[Will Munkara-Kerr <WillM () cs nsw gov au>]

1st googled "Hardening OpenBSD":

http://geodsoft.com/howto/harden/

Also you might like to check out:
http://bsdvault.net/sections.php?op=viewarticle&artid=92

Basically, do the standard- shut off unneeded daemons, check
http://www.openbsd.org/errata.html daily (hourly even), tighten up your
openssh options, configure pf, install snort and aide and portsentry, nessus
yourself every so often, back up, and actually read the inbuilt
pre-configured openbsd reports.. daily insecurity report etc.

oh, and leave your computer switched off, buried in a secret basement that
no one, not even yourself knows the location of, removed of any networking
devices, monitor, keyboard, and relocated to random global basements at
indeterminate times, by a socially outcast deaf, dumb, blind mute, who has
no understanding of computers. 

good luck, and have fun... 
this is cool too, but I implement it far less than I should:

http://www.backwatcher.org/writing/howtos/obsd-encrypted-filesystem.html

Can't help you to much with the sms stuff, but its possible... we run it at
work (not from openbsd though) Afaik, it works by certain mail getting
forwarded to a mail server which has sms capabilities, so.... you could cron
a email report from openbsd to such a server (which forwards to your mobile)
letting you know that everything is ok, but directly from your openbsd
machine to your mobile.... not too sure)

.will



> -----Original Message-----
> From: His Imperial Majesty Christopher Calderon
> [mailto:chrisc () forpresident com]
> Sent: Wednesday, 23 October 2002 4:59 AM
> To: security-basics () securityfocus com
> Subject: Newbie: OpenBSD security
>
>
>
>
>      I am new to OpenBSD and other Unices. I have some Linux 
> experience. I 
> can install the operating system, install software, delete software, 
> add/rm users, etc. How can I strengthen OpenBSD's good 
> security even more? 
> I would like it as tight as possible. I will probably be the 
> only user on 
> the system. I can see myself SSH'ing in and maybe running 
> Apache. Is there 
> software out there that could allow SMS messages to my cell 
> phone to let 
> me know my OpenBSD box at my house is OK and not compromised, 
> or is my 
> crown on my head put on too tightly?
>
>  Cheers,
>
> H.I.M Christopher Calderon
"This message is intended for the addressee named and may contain
confidential information. If you are not the intended recipient, please
destroy it and notify the sender. Views expressed in this message are those
of the individual sender, and are not necessarily the views of the Central
Sydney Area Health Service."