Secure Internet Servers/Firewalls with OpenBSD
| Outline notes for the half-day tutorial presented at the O'Reilly Open Source
Conference in Monterey, California on July 17, 2000. |
Tools - Ports to Know About II
| $ ls /usr/ports/security /usr/ports/net
/usr/ports/security: ADMfzap cgichk its4 outguess sftp stunnel ADMsmb cops john ... |
SMTPD II
| Patterns in src, from. ALL. KNOWN|UNKNOWN. NS=. USER - in from - match
in identd. Examples. deny:UNKNOWN:AL::ALL ... |
Add Your Own S/W IV - Emulation
| OpenBSD emulates Linux, other-BSD and UNIX binaries.
Fast kernel implementation (system call switch) ... |
Adding your favorite UNIX software I
| /usr/ports (extract with ports.tar.gz).
Third-party software ported for you. "make" downloads source, extracts, ... |
OpenBSD - Secure by Default
| Provide safe configuration out of the box; see Theo's
talk (Thursday 1:30)! Total Code Audit: Multi-year, multi-national, ... |
Security Policy
| Must state what is/is not allowed. Controls Firewall decisions.
Tells employees what is/is not OK. No policy ==> Anything goes ... |
Ian's Favorite PostInstalls
| Change root shell (use vipw). Customize dot files
in ~root (/root). Remove unused accounts (uucp) ... |
OpenBSD Is
| mainstream standards-conforming UNIX-like system. based on 4.4BSD (25
years of continuous UNIX evolution). Project dedicated to code correctness ... |
VPN Basic Steps
| Enable protocols in /etc/sysctl.conf. net.inet.esp.enable=1.
net.inet.ah.enable=1. Choose a key exchange method ... |