FreeBSD and OpenBSD are increasingly gaining traction in educational institutions, non-profits, and corporations worldwide because they provide significant security advantages over Linux. Although a lot can be said for the robustness, clean organization, and stability of the BSD operating systems, security is one of the main reasons system administrators use these two platforms. There are plenty of books to help you get a FreeBSD or OpenBSD system off the ground, and all of them touch on security to some extent, usually dedicating a chapter to the subject. But, as security is commonly named as the key concern for today's system administrators, a single chapter on the subject can't provide the depth of information you need to keep your systems secure.
FreeBSD and OpenBSD are rife with security 'building blocks' that you can put to use, and Mastering FreeBSD and OpenBSD Security shows you how. Both operating systems have kernel options and filesystem features that go well beyond traditional Unix permissions and controls. This power and flexibility is valuable, but the colossal range of possibilities need to be tackled one step at a time. This book walks you through the installation of a hardened operating system, the installation and configuration of critical services, and ongoing maintenance of your FreeBSD and OpenBSD systems.
Using an application-specific approach that builds on your existing knowledge, the book provides sound technical information on FreeBSD and Open-BSD security with plenty of real-world examples to help you configure and deploy a secure system. By imparting a solid technical foundation as well as practical know-how, it enables administrators to push their server's security to the next level. Even administrators in other environments--like Linux and Solaris--can find useful paradigms to emulate.
Written by security professionals with two decades of operating system experience, Mastering FreeBSD and OpenBSD Security features broad and deep explanations of how how to secure your most critical systems. Where other books on BSD systems help you achieve functionality, this book will help you more thoroughly secure your deployments.
Table of Contents
Preface
Part I. Security Foundation
1. The Big Picture
What Is System Security?
Identifying Risks
Responding to Risk
Security Process and Principles
System Security Principles
Wrapping Up
Resources
2. BSD Security Building Blocks
Filesystem Protections
Tweaking a Running Kernel: sysctl
The Basic Sandbox: chroot
Jail: Beyond chroot
Inherent Protections
OS Tuning
Wrapping Up
Resources
3. Secure Installation and Hardening
General Concerns
Installing FreeBSD
FreeBSD Hardening: Your First Steps
Installing OpenBSD
OpenBSD Hardening: Your First Steps
Post-Upgrade Hardening
Wrapping Up
Resources
4. Secure Administration Techniques
Access Control
Security in Everyday Tasks
Upgrading
Security Vulnerability Response
Network Service Security
Monitoring System Health
Wrapping Up
Resources
Part II. Deployment Situations
5. Creating a Secure DNS Server
The Criticality of DNS
DNS Software
Installing BIND
Installing djbdns
Operating BIND
Operating djbdns
Wrapping Up
Resources
6. Building Secure Mail Servers
Mail Server Attacks
Mail Architecture
Mail and DNS
SMTP
Mail Server Configurations
Sendmail
Postfix
qmail
Mail Access
Wrapping Up
Resources
7. Building a Secure Web Server
Web Server Attacks
Web Architecture
Apache
thttpd
Advanced Web Servers with Jails
Wrapping Up
Resources
8. Firewalls
Firewall Architectures
Host Lockdown
The Options: IPFW Versus PF
Basic IPFW Configuration
Basic PF Configuration
Handling Failure
Wrapping Up
Resources
9. Intrusion Detection
No Magic Bullets
IDS Architectures
NIDS on BSD
Snort
ACID
HIDS on BSD
Wrapping Up
Resources
Part III. Auditing and Incident Response
10. Managing the Audit Trails
System Logging
Logging via syslogd
Securing a Loghost
logfile Management
Automated Log Monitoring
Automated Auditing Scripts
Wrapping Up
Resources
11. Incident Response and Forensics
Incident Response
Forensics on BSD
Digging Deeper with the Sleuth Kit
Wrapping Up
Resources
Index
