pavement

Securing servers

From FreeBSDwiki
(Difference between revisions)
Jump to: navigation, search
 
(Security in a local user context)
Line 2: Line 2:
  
 
==Security in a local user context==
 
==Security in a local user context==
 +
 +
(cover common gotchas and SNAFUs concerning local security; ie preventing valid shell users from obtaining privileges they aren't supposed to have or doing damage they shouldn't be able to do.  [[sudo]] is clearly a must with this one, as is some discussion of running daemons under special user accounts, and the dangers of overusing "nobody" to run daemons.  a quick rundown of system files that permissions should be double-checked on, like /etc/passwd, /etc/master.passwd, /etc/group, and the databases associated with them should also be covered.)
  
 
==Security in a local area network context==
 
==Security in a local area network context==

Revision as of 10:12, 19 September 2004

Eventually we'll need sections or subarticles on various different security contexts:

Security in a local user context

(cover common gotchas and SNAFUs concerning local security; ie preventing valid shell users from obtaining privileges they aren't supposed to have or doing damage they shouldn't be able to do. sudo is clearly a must with this one, as is some discussion of running daemons under special user accounts, and the dangers of overusing "nobody" to run daemons. a quick rundown of system files that permissions should be double-checked on, like /etc/passwd, /etc/master.passwd, /etc/group, and the databases associated with them should also be covered.)

Security in a local area network context

Security in an internet context

Of course, each of these sections can themselves spawn entire new subsections / subarticles of their own. There's a reason entire books have been published on computer security! =)

Try to remember, when writing these articles, that "short and sweet" is best, when it comes to a single article. If at all possible, try to limit the scope of any given article to a page or two of text; if you need to refer to something that is going to run a few pages all by itself, consider writing a separate article for that topic and hyperlinking it for people who need it. For example, obviously firewalls need discussion in any internet-context security article, but instead of trying to go over setting one up in the midst of the internet security article itself, it's better to write one article about firewalls and another about the big picture, and just link them.

Personal tools