# FreeBSD post-installation actions



## stanko (Sep 2, 2013)

Hi everybody,

First post and first FreeBSD installation.

I would like to learn about FreeBSD, so I decided to set up my personal web server. Of course, with web servers, security is always a question. So, I've decided to go one step at the time.

My questions:

I have installed FreeBSD, and during the installation I've selected to install ports and sshd. sshd connections are blocked by default. So, basically, 

If I set up sshd correctly and set up the firewall correctly, I will have an "impenetrable" system? I.e. at this point these two services are the only things I should focus on and I will have a secured system? Do I have to set any other service up for security?
If the answer to 1. is "yes", then I can proceed to installing AMP. Do the same rules, regarding security, apply as if I was doing this on a Linux machine?
I hope my questions make sense. I admit I haven't studied much about FreeBSD, so I hope you'll direct me to the right sources for learning FreeBSD and web server set up on it. As I read, Handbook is a good place to start. What about securing the server?

Thanks in advance.


----------



## SirDice (Sep 2, 2013)

Not if you pick bad, easily guessed, passwords for your accounts.

 Yes.


----------



## kpa (Sep 2, 2013)

SSH connections are not blocked by default if you enable the sshd(8) service because there's no firewall enabled by default in FreeBSD. If you disable password and challenge-response authentications and force the use of public keys for authentication you have pretty much an impenetrable system as far as SSH goes. There's one important caveat, you have to take good care of your private key and make sure it can not leak under any circumstances.


----------



## stanko (Sep 2, 2013)

Of course, I forgot to mention securing _the_ root user (and all other users). 

In the meantime, I found this thread: http://forums.freebsd.org/showthread.php?t=4108 It'll give me something to think about in _the_ following days. I gues_s_ it is _a_ good source to start from.

Thank you for your reply @SirDice. So, the rule is:

Secure user accounts.
Set PF firewall rules.
Now you have secured the clean install of FreeBSD. Secure all additional services you install (_SSH_, _A_pache, _M_y_SQL_, ...). Securing them is done the same way as on Linux.
_I am s_tarting to read the Handbook.


----------



## SirDice (Sep 3, 2013)

The thread you found should give you a good starting point. I think it's mentioned in that thread too but there's also security(7).


----------

