/usr/ports/security/snort – lightweight NIDS ex: http://www.subterrain.net/snort
Other tipstricks.
Use ntpdate to synch your clock with a time server such as clock.isc.org. crontab it to keep it reliable.
In /etc/ttys change the ‘secure" flag to ‘insecure" on each local TTY to prevent direct root login.
Enable sudo for restrictive root-level access.
Remember – turn off / remove what you don"t use – complexity does not compliment security.
Backporting sysctl stuff from –CURRENT to reduce the need for things like setgid kmem.
Links to related material.
This presentation: http://www.subterrain.net/
FreeBSD security advisories and info: http://www.freebsd.org/security
FreeBSD security how-to: http://people.freebsd.org/~jkb/howto.HTML
推荐阅读
- 从网络安装最新的FreeBSD-Stable
- 如何看FreeBSD的系统日志
- 猪场生物安全包括哪些
- 在 FreeBSD 安装 notebook PCMCIA 网路卡
- 1 FreeBSD 5.0中强制访问控制机制的使用与源代码分析
- 在freeBSD下编译linux kernel
- 1 FreeBSD handbook中文版 2 开始安装FreeBSD
- 如何在 FreeBSD 下压 MP3
- FreeBSD的起源
- FreeBSD其他相关系统和组织