Subject: Re: Hardening a Firewall Machine
To: Richard Ibbotson <richard@sheflug.co.uk>
From: gabriel rosenkoetter <gr@eclipsed.net>
List: tech-security
Date: 10/09/2001 19:43:12

On Tue, Oct 09, 2001 at 10:58:26PM +0000, Richard Ibbotson wrote:
> I've just installed a NetBSD 1.5.2 system into some i386 hardware.  My
> intention is to use it as a firewall.  I'm thinking that it might be a
> good idea to harden the installation with chroot and the other thing I'd
> like to know about is ....  is there such a thing as a hardening script
> for NetBSD ?

Many of the in-tree daemons (bind, postfix) will gladly take a flag
to chroot() themselves. Anything else, chroot(8) will probably work
on (but that makes binding to ports more complicated).

As far as a hardening script... most of the things that those
scripts, like Bastille for RedHat Linux, do are the default for
NetBSD. We don't open ports in /etc/inetd.conf, we install a fairly
sane sshd.conf, so forth.

-- 
       ~ g r @ eclipsed.net
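
The ordering behind the remark above about chroot and port binding, as an added example that is not part of the original message: a daemon that chroots itself can bind its privileged port while still root, then enter the jail, then drop root. The function names, the jail path `/var/chroot/demo` and uid/gid 65534 are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE   /* glibc: expose chroot()/setgroups(); unused on NetBSD */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

enum { JAIL_OK = 0, JAIL_EBADID = -1, JAIL_ECHDIR = -2, JAIL_ECHROOT = -3,
       JAIL_EDROP = -4, JAIL_ENOTDROPPED = -5 };

/* Step 1, still root and outside the jail: ports below 1024 need root,
 * so the socket must be bound before privileges are given up. */
int bind_listener(unsigned short port)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    int fd = socket(AF_INET, SOCK_STREAM, 0);   /* sin_addr 0 == INADDR_ANY */
    if (fd < 0)
        return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Step 2: enter the jail, then give up root for good. */
int jail_and_drop(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return JAIL_EBADID;       /* a root process can escape a chroot */
    if (chdir(dir) < 0)
        return JAIL_ECHDIR;
    if (chroot(".") < 0)          /* cwd is already inside the new root */
        return JAIL_ECHROOT;
    /* Groups first: once setuid() succeeds they can no longer be changed. */
    if (setgroups(1, &gid) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
        return JAIL_EDROP;
    if (setuid(0) == 0)           /* regaining root must fail from here on */
        return JAIL_ENOTDROPPED;
    return JAIL_OK;
}

int main(void)
{
    int fd = bind_listener(80);   /* needs root */
    int rc = jail_and_drop("/var/chroot/demo", 65534, 65534); /* constructed */
    printf("listener fd=%d jail_and_drop=%d\n", fd, rc);
    return (fd >= 0 && rc == JAIL_OK) ? 0 : 1;
}
```

A program started under chroot(8) as an unprivileged user never gets the chance to run step 1 as root, which is the complication with binding to ports.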
