# [Server] Security Revaluation



## Alastor (Feb 14, 2015)

Hi,

I'm not familiar with BSD - so far I have only used Linux for server use. My first impression of "the Beastie" is: I am a little tired - but I like it anyway. There are many similarities with Linux, but you have to first remember all the amendments.

My current problem is that I have unintentionally lost root access to my system. It probably was my hedging approach. These are my basic protection steps:

- Amendment of the standard ports,
- Prohibit access by root,
- Create another normal user for the login,
- Permit only one allowed user for the login,
- Add the public-key authentication method and only,
- Add further security tools (like fail2ban, modsecurity or two-factor authentication on root, (...)),
- Rbash already installed and configured for the login user.

At first, when ordering on BSD, there are no visible defects proved.
Only in retrospect, after I had tried to log on with the user and then to get back to root through su. In this system, namely, it does not seem to be possible without sudo to gain access to admin rights or to switch to a superuser.

But well, I hope I get some advice here for security settings and/or answers to the following questions:
- How can I easily fix that problem?
- Or is there actually another way to beware the safeness?

The establishment of a chroot reminds me extremely difficult to envisage what it even is possible (sudo) to use -su. I also recently found a document which explains in great detail how to escape from a chroot easily.

Thanks for the answers anyway!
PS: It is not necessary to give me advice for locked-access situations. I only ask for advice for alternative ways to preserve security and / or to solve the problem with sudo/su under rbash or sh shells.


----------



## alphaniner (Feb 14, 2015)

A user has to be in group 'wheel' to su to root. Sudo isn't installed by default.



> I'm new on this Distribution - I usually used Debian/Ubuntu as Linux-Distribution.



It sounds like you regard FreeBSD to be like a Linux distribution, which it absolutely isn't. I'm new to FreeBSD myself, but I think it's safe for me to say it's unwise to approach learning FreeBSD as though it were a different Linux distro.


----------
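The lockout described in this thread, as an added example that is not part of any post: a pre-flight check, run before restricting SSH logins, that reports whether any user named in `AllowUsers` is in `wheel` and can therefore still `su` to root. The function names, the `loginuser` account and the sample `sshd_config` and group data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check before restricting SSH logins: can at least one user
# that sshd still admits become root with su (i.e. is it in wheel)?
# All sample data below is constructed for illustration.

SAMPLE_SSHD='Port 2222
PermitRootLogin no
AllowUsers loginuser
PubkeyAuthentication yes'

SAMPLE_GROUP='wheel:*:0:root
operator:*:5:root
loginuser:*:1001:'

# Print every user named on an AllowUsers line (sshd_config text on stdin).
# A user@host pattern is reduced to its user part; wildcards are not expanded.
allowed_users() {
    awk 'tolower($1) == "allowusers" {
        for (i = 2; i <= NF; i++) { sub(/@.*/, "", $i); print $i }
    }'
}

# Succeed if user $1 is in the member list of wheel (group(5) text on stdin).
# Only the member list is checked, not the primary GID in passwd.
in_wheel() {
    awk -F: -v u="$1" '$1 == "wheel" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) found = 1
    } END { exit (found ? 0 : 1) }'
}

# lockout_risk SSHD_TEXT GROUP_TEXT
# Prints OK, LOCKOUT, or UNKNOWN (no AllowUsers line, so nothing to check).
lockout_risk() {
    users=$(printf '%s\n' "$1" | allowed_users)
    [ -n "$users" ] || { echo UNKNOWN; return 0; }
    for u in $users; do
        if printf '%s\n' "$2" | in_wheel "$u"; then
            echo OK; return 0
        fi
    done
    echo LOCKOUT
}

lockout_risk "$SAMPLE_SSHD" "$SAMPLE_GROUP"   # the thread's situation
```

On a live host the two arguments would be the contents of `/etc/ssh/sshd_config` and `/etc/group`, checked before sshd is reloaded and while a root session is still open.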



## Alastor (Feb 14, 2015)

Because you're right, I've already adjusted my formulation.

Edit:

Regarding the group adaptation: I still have concerns about the safety risks committing thereby. With the permissions of wheel he is surely in the Admin category and even far-fetched - somewhere you can as yet be back grab all other rights. Nevertheless, thanks for the tip! Are there any other suggestions?


----------



## hukadan (Feb 14, 2015)

Hi,

Concerning your root access problem, you can fix it using single user mode. Here are the instructions.
[Edit] You have the single user mode option in the boot menu when you restart. Then the rest of the instructions should apply. [/Edit]
Hope it helps.


----------

