# First Install - Basic Desktop Security



## walter west (Feb 22, 2016)

Hey all, first thanks to the developers who improved the FreeBSD installer...this is the first time I've been able to install it on my old laptop without an ethernet connection.  Awesome.

So this is my first time setting this up, I'm a pretty big newb with Linux and BSD and I was just wondering if there's anything serious security related that I'm missing?  It's for a home desktop...

- User accounts - root, 1 user in wheel, 1 user not in wheel
- Firewall - enabled IPFW - workstation. I originally had pf enabled with "block in all pass out all keep state" in pf.conf, but since I don't know what I'm doing, I figured I'd use the default IPFW.
- Disabled ssh since I'm not using this as a server but as a home desktop computer and I don't need to make remote connections to it.
- Performed freebsd-update, but I have to add this to cron.
- Installed MATE, Firefox, and Thunderbird.
- I'm gonna try to install sudo, but I'm really not sure if I need to if I just run MATE/the desktop in the non-wheel group. I read somewhere on here never to enter root/su while in Xorg.

Anything else blazingly wrong security-wise?

Thanks
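
The checklist in the post above, turned into a repeatable check (an added example, not part of the original post or of FreeBSD itself). It reads an rc.conf-style file and flags a missing firewall, IPFW's `open` ruleset, or an enabled sshd; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an rc.conf-style file against the thread's baseline.

# Print the effective value of variable $2 in file $1 (last assignment wins).
rc_value() {
    awk -v key="$2" '
        { sub(/^[ \t]+/, "") }
        index($0, key "=") == 1 {
            val = substr($0, length(key) + 2)
            sub(/[ \t]*#.*$/, "", val)        # drop a trailing comment
        }
        END { print val }' "$1" | tr -d "\"'"
}

# Same truth test rc.subr applies to *_enable knobs.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one line per finding; exit status is 0 only when there are none.
check_baseline() {
    conf=$1 findings=0
    if is_yes "$(rc_value "$conf" firewall_enable)"; then
        if [ "$(rc_value "$conf" firewall_type)" = "open" ]; then
            echo "FINDING: IPFW is enabled with the 'open' ruleset (no filtering)"
            findings=$((findings + 1))
        fi
    elif ! is_yes "$(rc_value "$conf" pf_enable)"; then
        echo "FINDING: neither IPFW nor pf is enabled"
        findings=$((findings + 1))
    fi
    if is_yes "$(rc_value "$conf" sshd_enable)"; then
        echo "FINDING: sshd is enabled on a machine that takes no remote logins"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Demo on a constructed sample (not a real system's rc.conf).
sample=$(mktemp)
printf '%s\n' 'firewall_enable="YES"' 'firewall_type="workstation"' \
    'sshd_enable="YES"   # left over from the installer' 'sshd_enable="NO"' > "$sample"
check_baseline "$sample" && echo "baseline OK"
rm -f "$sample"
```

On a live system, `sysrc -n sshd_enable` reports the effective value including the defaults, which this file-only parser does not see.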


----------



## Dylan Allbee (Feb 22, 2016)

If it's just for personal usage (and maybe some people you trust), I'd say you're fine. Just don't `chmod -R 777 /`. You do want to avoid using root while in X though.

If you're planning on using this in a shared environment, then that's another discussion and you may want to provide more details.


----------



## walter west (Feb 23, 2016)

Dylan Allbee said:


> If you're planning on using this in a shared environment, then that's another discussion and you may want to provide more details



I was planning on using it at Starbucks on public wifi.  What else would I need to do to secure it?


----------



## SirDice (Feb 23, 2016)

By "shared" environment Dylan Allbee meant there's more than one user using the machine. There are some additional settings you can do to prevent User1 from accessing User2's files for example.


----------



## alphachi (Feb 25, 2016)

If you're the only user on the machine, I suggest using `su -m` rather than security/sudo since it's enough and simpler.

In addition, you should regularly audit your packages using `pkg audit -F` like freebsd-update.


----------



## fnoyanisi (Feb 26, 2016)

walter west said:


> Performed freebsd-update, but I have to add this to cron.


Not necessarily, I reckon. If you are not running a server, and you said you are not, you may perform an update manually from time to time. I do prefer doing it manually.



walter west said:


> I'm gonna try to install sudo, but I'm really not sure if I need to if I just run MATE/the desktop in the non-wheel group. I read somewhere on here never to enter root/su while in Xorg.


I have never heard this, to be honest. In fact, I always su(1) while I am on an X session. Ah, yes... and my day-to-day user is in the wheel group.

You may want to spend some time reading this page every now and then. But, as suggested by alphachi, `pkg audit -F` should check known vulnerabilities for you already.

The FreeBSD Handbook has a dedicated chapter on security, a must-read if you are concerned about security.


----------

