Chapter 14. Security

Much of this chapter has been taken from the security(7) manual page by Matthew Dillon.
Table of Contents
14.1. Synopsis
14.2. Introduction
14.3. Securing FreeBSD
14.4. DES, Blowfish, MD5, SHA256, SHA512, and Crypt
14.5. One-time Passwords
14.6. TCP Wrappers
14.7. Kerberos5
14.8. OpenSSL
14.9. VPN over IPsec
14.10. OpenSSH
14.11. Filesystem Access Control Lists (ACL)s
14.12. Monitoring Third Party Security Issues
14.13. FreeBSD Security Advisories
14.14. Process Accounting
14.15. Resource Limits

14.1. Synopsis

This chapter provides a basic introduction to system security concepts, some general good rules of thumb, and some advanced topics under FreeBSD. Many of the topics covered here can be applied to system and Internet security in general. Securing a system is imperative to protect data, intellectual property, time, and much more from the hands of hackers and the like.

FreeBSD provides an array of utilities and mechanisms to protect the integrity and security of the system and network.

After reading this chapter, you will know:

  • Basic FreeBSD system security concepts.

  • The various crypt mechanisms available in FreeBSD.

  • How to set up one-time password authentication.

  • How to configure TCP Wrappers for use with inetd(8).

  • How to set up Kerberos on FreeBSD.

  • How to configure IPsec and create a VPN.

  • How to configure and use OpenSSH on FreeBSD.

  • How to use filesystem ACLs.

  • How to use portaudit to audit third party software packages installed from the Ports Collection.

  • How to utilize FreeBSD security advisories.

  • What Process Accounting is and how to enable it on FreeBSD.

  • Understand the resource limits database and how to utilize it to control user resources.

Before reading this chapter, you should:

  • Understand basic FreeBSD and Internet concepts.

Additional security topics are covered elsewhere in this Handbook. For example, Mandatory Access Control is discussed in Chapter 16, Mandatory Access Control and Internet firewalls are discussed in Chapter 29, Firewalls.

All FreeBSD documents are available for download at http://ftp.FreeBSD.org/pub/FreeBSD/doc/

Questions that are not answered by the documentation may be sent to <freebsd-questions@FreeBSD.org>.
Send questions about this document to <freebsd-doc@FreeBSD.org>.