From PC-BSD Wiki
Revision as of 07:00, 25 April 2012 by Drulavigne (Talk | contribs)

Jump to: navigation, search

(Sorry for the inconvenience)

Your PC-BSD system is secure by default. This section provides an overview of the built-in security features and additional resources should you like to learn more about increasing the security of your system beyond its current level.

PC-BSD's security features include:

  • naturally immune to viruses and other malware: most viruses are written to exploit Windows systems and do not understand the binaries or paths found on a PC-BSD system. Antivirus software is available in the Security section of AppCafe® as this can be useful if you send or forward email attachments to users running other operating systems.
  • built-in firewall: the default firewall ruleset allows you to access the Internet and the shares available on your network. If there are no shared resources on your network, you can use Firewall Manager to further tighten the default ruleset.
  • very few services are enabled by default: you can easily view which services are started at boot time using Services Manager or by reading through /etc/rc.conf. You can also disable the services that you do not use by disabling that service in Services Manager or by commenting out that line with a # in /etc/rc.conf.
  • SSH is disabled by default: and can only be enabled by the superuser. This setting prevents bots and other users from trying to access your system. If you do need to use SSH, change the NO to a YES in the line sshd_enable= in the file /etc/rc.conf. You can start the service right away by typing /etc/rc.d/sshd start. You will need to add a firewall rule to allow SSH connections from the systems that require SSH access.
  • SSH root logins are disabled by default: if you enable SSH, you must login as a regular user and can use su or sudo when you need to perform administrative actions. You should not change this default as this prevents an unwanted user from having complete access to your system.
  • sudo is installed: and configured to allow users in the wheel group sudo access by typing their own password. In other words, they do not need to know the root password. By default, the first user you create during installation is added to the wheel group. You can use User Manager to add other users to this group. You can change the default sudo configuration using the visudo command as the superuser.
  • denyhosts is automatically enabled: this script is used to thwart SSH attacks.
  • automatic notification of security advisories: Update Manager will automatically notify you if an update is available as the result of a FreeBSD security advisory that affects PC-BSD. This allows you to keep your operating system fully patched with just the click of a mouse.

If you would like to learn more about security on FreeBSD/PC-BSD systems, man security is a good place to start. These resources are also available: