hi jnf,
j> hello, 
j> i've recently taken up the task of setting up a netbsd box here on my lan 
j> that will be used in the dmz, I just googled a little for papers over 
j> securing netbsd and didnt find much
[...]
indeed you don't find much :(
(i'm no netbsd professional so please don't flame me)

here are the things that i found to have a bit more security...

- use file flags (you can see them with ls -o, man chflags) and mtree
- use securelevel 2 (see the actual level with: sysctl -a | grep kern.sec)
- you can restrict systemcalls with systrace (there are two good
articles by Michael Lucas on ONLamp.com)

that's what have, the rest is (as you mentioned) "standard",  like ipf, good
passwords ....

j> I would imagine it wouldnt be incredibly hard to port stuff from openbsd 
j> to freebsd,
[..]
i don't think that this is usefull for netbsd ;)

j> [...]and also, where is a good
j> description of the sysctl's? particularly the security related ones, going 
j> through man pages and header files proved frustrating as many of them said 
j> the same thing (i.e. 'this sysctl determines the security level, it can 
j> only be raised and not lowered' or similar, but doesnt tell you what is 
j> included/what happens as each one is raised)
i think "man init" could tell you something more about the secure levels..

j> any help would be appreciated, and those of you involved with developing 
j> netbsd, or really anything in general, keep up the good work ;]
100% ACK :)

j> jnf

greets Uli


-- 

 /"\
 \ /
  X ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
 / \