Security/9.2

From PC-BSD Wiki
Revision as of 13:26, 20 December 2011 by Drulavigne (Talk | contribs)

Jump to: navigation, search

(Sorry for the inconvenience)

Your PC-BSD system is secure by default. This section provides an overview of the built-in security features and additional resources should you like to learn more about further increasing the security of your system.

PC-BSD's security features include:

  • naturally immune to viruses and other malware: most viruses are written to exploit Windows systems and do not understand the binaries or paths found on a PC-BSD system. Antivirus software is available in the Security section of AppCafe™ as this can be useful if you send or forward email attachments to users running other operating systems.
  • built-in firewall: the default firewall ruleset allows you to access the Internet and the shares available on your network. If there are no shared resources on your network, you can use Firewall Manager to further tighten the default ruleset.
  • very few services are enabled by default: you can easily view which services are started at boot time using Services Manager or by reading through /etc/rc.conf. You can also disable the services that you do not use by disabling that service in Services Manager or by commenting out that line with a # in /etc/rc.conf.
  • SSH is disabled by default: and can only be enabled by the superuser. This setting prevents bots and other users from trying to access your system. If you do need to use SSH, change the NO to a YES in the line sshd_enable= in the file /etc/rc.conf. You can start the service right away by typing /etc/rc.d/sshd start. You will need to add a firewall rule to allow SSH connections from the systems that require SSH access.
  • SSH root logins are disabled by default: if you enable SSH, you must login as a regular user and can use su or sudo when you need to perform administrative actions. You should not change this default as this prevents an unwanted user from having complete access to your system.
  • denyhosts is automatically enabled: this script is used to thwart SSH attacks.
  • sudo
Personal tools
Namespaces

Variants
Actions
Navigation
Toolbox