Written by philg and last updated on 06/30/2008 - [ freebsd ]

This document is an introduction to basic FreeBSD jails also called ‘fat jails’. We discuss an easy jail installation process. We will do some basic jail configuration and show you how to manage the jail environment. This document wil not cover building ‘chroot jails’ in a jail.

Written by Jan-Willem Regeer and last updated on 12/30/2007 - [ freebsd ]

This guide will help you set up OpenVPN to allow remote users to securely connect to the internal LAN or use the VPN tunnel as an endpoint when on insecure wireless access points, allowing safe transmission of data without worries of being sniffed or intercepted.

Written by Cezary Morga and last updated on 08/03/2007 - [ freebsd | openbsd ]

Although there are some good tutorials on setting VPN connections using IPSec in FreeBSD-to-FreeBSD or OpenBSD-to-OpenBSD configurations, only tutorials on setting FreeBSD-to-OpenBSD IPSec tunnels are at least partly outdated, mostly due to changes introduced in OpenBSD 3.8. In this tutorial I'll demonstrate how to configure such a VPN connection (tunneling mode) using racoon and isakmpd IKE daemons along with x509 certificates. The IP addresses used throughout this tutorial are: - gateway A running FreeBSD with internal IP address: 192.168.0.1, and external IP: 10.0.0.1, - gateway B running OpenBSD with internal IP address: 192.168.1.1, and external IP: 10.0.0.2. For the purpose of this tutorial I have used FreeBSD 6.2-RELEASE and OpenBSD 4.1-RELEASE operating systems, but the configuration covered here should be applicable in any reasonably recent version as well.

Written by Bill and last updated on 10/27/2006 - [ freebsd ]

This walkthrough will root your users to their home directory for those users you don't want browsing all over your FreeBSD machine. I would suggest doing this at your console or possibly running a script to kill all the running sshds and then starting the sshd2 deamon.

Written by Bill and last updated on 10/05/2006 - [ freebsd ]

There may be times you would want to run perl scripts as non-root users. This offers more security to your system and this guide will show you how to enable perl to use setuid.

Written by alfatrion and last updated on 09/03/2005 - [ freebsd ]

This guide helps you setup a simple firewall for any FreeBSD version (recent) that can load the firewall module.

Written by Jon LaBass and last updated on 07/15/2005 - [ freebsd ]

File servers that run Microsoft Windows will typically have the shared resources locked to some users/groups while other users/groups can have full rights on the same share. How can this be if standard permissions are generic for one user, one group, and everybody? This is accomplished with the use of Access Control Lists (ACLs) and the UNIX environment can also apply these variable permissions to files and directories. Not only can they support the feature, Windows clients that connect to your Samba shares will respect them as well.

Written by Jon LaBass and last updated on 06/27/2005 - [ freebsd ]

After a fresh install, it is important to harden the security on a server before it hits your network for use. Not only making configuration changes aid in the security of your box, but there are some practical rules to abide by. These are some hardening tips to make your FreeBSD box more secure and will apply to both the 5.x and 4.x branches, but I will assume you are running 5.x. If a 4.x change is different, I will note it. Please do not apply these changes carelessly on a production server. Make sure you test, test, test on a separate box to note the effects of the changes.

Written by Jon LaBass and last updated on 10/11/2004 - [ freebsd ]

Any private network should be running some sort of Intrusion Detection System for system adminstrators to watch for any malicious traffic. In this guide you will learn how to set up snort and one of its reporting utilities, snortreport.

Written by Jon LaBass and last updated on 07/15/2005 - [ freebsd | openbsd | netbsd ]

Often times we SSH into our BSD boxes and then have to leave our stations for a little bit. If we don't do anything special with our open terminal, that poses a serious security threat to our boxes. Wouldn't it be nice if we could just lock the open terminal without having to close the connection? Well, we can with a built-in utility called lock(8). There is also the vlock port that I will discuss as well.

Written by Derrick Lewis and last updated on 12/01/2003 - [ freebsd ]

Security is one of the most important things in administrating any sort of computer system. FreeBSD is certainly much more secure than Windows and other popular computer systems; however, most security problems lie within the user and other running software on the system than the OS itself. This guide will give a few hints and examples to make it a fair bit harder to violate your system.

Written by Jon LaBass and last updated on 10/21/2003 - [ freebsd ]

In order to password protect a website, or part of a website, we need to create a .htaccess file and a .htpasswd file. These are the files that Apache reads from to see who is allowed in the site. This guide will show you how to setup a website directory with password protection.