Firewall Wizards mailing list archives
Re: Securing FreeBSD 2.1.7.1
From: Rudolf Schreiner <ras () muc de>
Date: Wed, 18 Feb 1998 20:46:08 +0300
-= ArkanoiD =- wrote:
I am thinking on "hardening" FreeBSD 2.1.7.1 system to run a firewall on top of it.. by implementing "securelevel 3" with some system calls disabled/wrapped - like mount, mknod.. what else? Any ideas?
I completly removed all routing code from the kernel, esp. source route. Of course this applies only to an application level gateway. Then I added some additional logging of "strange" packets used for port scanning. And last of all I used two SCSI-hardisks, a write protected root disk for executables and configuration, and a r/w /var for spooling and logging. IIRC (I made this years ago, on FreeBSD 2.1, and don't have the source handy) the problem was that a entry in /dev had to be made at boot time, but /dev was on the write protected boot disk. So I moved the device to /var/dev. Rudi
Current thread:
- Securing FreeBSD 2.1.7.1 -= ArkanoiD =- (Feb 18)
- Re: Securing FreeBSD 2.1.7.1 Rudolf Schreiner (Feb 18)
- Re: Securing FreeBSD 2.1.7.1 marc (Feb 18)
- <Possible follow-ups>
- Securing FreeBSD 2.1.7.1 tqbf (Feb 18)