Category Archives: FreeBSD

Installing OpenVPN on FreeBSD 8.3

OpenVPN is one of the open source Virtual Private Network implementations available.

In this article we will discuss how to install OpenVPN on FreeBSD 8.3.

Installation

Installing OpenVPN is as easy as installing any FreeBSD port.

cd /usr/ports/security/openvpn
make install clean

Once installed, OpenVPN stores its configurations in /usr/local/share/doc/openvpn.

Make a directory /usr/local/etc/openvpn and copy the configuration files from /usr/local/share/doc/openvpn to this new directory.

mkdir /usr/local/etc/openvpn
cp /usr/local/share/doc/openvpn/sample-config-files/server.conf /usr/local/etc/openvpn
cp -a /usr/local/share/doc/openvpn/easy-rsa /usr/local/etc/openvpn

Creating RSA Key

OpenVPN is a tunneling network: connections to OpenVPN are made through an encrypted channel. Therefore, to enable OpenVPN we must create keys. In this section we will discuss how to do it.

The good news is that we don’t have to create the keys from scratch. OpenVPN provides a script that creates them for us automatically. Now invoke the following to prepare:

chmod 0755 /usr/local/etc/openvpn/easy-rsa/2.0/*
cd /usr/local/etc/openvpn/easy-rsa/2.0
sh
echo 'export KEY_COUNTRY="ID"' >> vars
echo 'export KEY_PROVINCE="JB"' >> vars
echo 'export KEY_CITY="BANDUNG"' >> vars
echo 'export KEY_ORG="Celestial Being"' >> vars
echo 'export KEY_EMAIL="xathrya@celestial-being.net"' >> vars

Now we create the certificate ca.crt

. ./vars
./clean-all
./build-ca

And then build the server.key

./build-key-server server

Next the client.key

./build-key client

Build the DH parameters, 2014 bits long:

./build-dh

Copy the keys to a dedicated directory for storing keys.

mkdir /usr/local/etc/openvpn/keys
cp /usr/local/etc/openvpn/easy-rsa/2.0/keys/* /usr/local/etc/openvpn/keys
./clean-all

Configuring Server

After creating the keys, we proceed to configuring the OpenVPN server. The file we must edit is /usr/local/etc/openvpn/server.conf. Here is a sample configuration we can apply to our server:

port 1194
proto udp
dev tap
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/server.crt
key /usr/local/etc/openvpn/keys/server.key # This file should be kept secret
dh /usr/local/etc/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status /var/log/openvpn-status.log
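
The sample above leaves several OpenVPN hardening directives unset, and the earlier cp of easy-rsa/2.0/keys/* also places ca.key and client.key on the server. The following shell script is an added example, not part of the original post: it audits a server.conf for those settings and lists private keys other than the server's own. The function names, finding labels and the 2048-bit threshold are assumptions of this example, and the sample files are constructed.

```sh
#!/bin/sh
# Added example (not from the original post): static audit of server.conf.

# has_directive FILE NAME: succeeds if NAME is an active (uncommented) directive.
has_directive() {
    awk -v d="$2" '
        /^[ \t]*[#;]/ { next }
        $1 == d { found = 1 }
        END { exit !found }
    ' "$1"
}

# conf_value FILE NAME: prints the first argument of the active directive NAME.
conf_value() {
    awk -v d="$2" '/^[ \t]*[#;]/ { next } $1 == d { print $2; exit }' "$1"
}

# audit_openvpn_conf FILE: prints one finding per line, nothing if clean.
audit_openvpn_conf() {
    conf=$1
    # Heuristic: easy-rsa 2.0 names the file dh<bits>.pem, so the size is read
    # from the file name instead of parsing the parameters themselves.
    bits=$(basename "$(conf_value "$conf" dh)" |
           sed -n 's/^dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK_DH: ${bits}-bit DH parameters"
    fi
    has_directive "$conf" cipher ||
        echo "NO_CIPHER: releases before 2.5 fall back to BF-CBC"
    has_directive "$conf" tls-auth || has_directive "$conf" tls-crypt ||
        echo "NO_TLS_AUTH: no HMAC check on TLS control packets"
    { has_directive "$conf" user && has_directive "$conf" group; } ||
        echo "NO_PRIV_DROP: daemon keeps root privileges after start-up"
    if has_directive "$conf" comp-lzo || has_directive "$conf" compress; then
        echo "COMPRESSION: compression is enabled inside the tunnel"
    fi
}

# stray_private_keys DIR SERVER_KEY: lists *.key files the server does not need.
stray_private_keys() {
    for k in "$1"/*.key; do
        [ -e "$k" ] || continue
        [ "$(basename "$k")" = "$2" ] || basename "$k"
    done
}

# Constructed sample: the security-relevant directives of the server.conf above
# and the (empty) files that "cp easy-rsa/2.0/keys/*" leaves in the key directory.
make_sample() {
    mkdir -p "$1/keys"
    cat > "$1/server.conf" <<'EOF'
port 1194
proto udp
dev tap
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/server.crt
key /usr/local/etc/openvpn/keys/server.key # This file should be kept secret
dh /usr/local/etc/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
keepalive 10 120
comp-lzo
persist-key
persist-tun
EOF
    for f in ca.crt ca.key server.crt server.key client.crt client.key; do
        : > "$1/keys/$f"
    done
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_openvpn_conf "$tmp/server.conf"
stray_private_keys "$tmp/keys" server.key
rm -rf "$tmp"
```

Each finding names a directive to add or remove in server.conf; ca.key belongs on the machine that signs certificates and client.key on the client.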

Autostart on Boot

To run OpenVPN automatically at boot time, edit /etc/rc.conf and write the following:

gateway_enable="YES"
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/server.conf"
openvpn_if="tap"

Enabling IP Forwarding

IP forwarding is needed to forward IP packets received by the server to the corresponding client inside the VPN.

sysctl net.inet.ip.forwarding=1

Starting OpenVPN Server

Lastly, start OpenVPN with:

/usr/local/etc/rc.d/openvpn start

And that’s it. You now have OpenVPN on your network.

The post Installing OpenVPN on FreeBSD 8.3 appeared first on Xathrya.ID.

Installing Nagios for Monitoring on FreeBSD 8.3

Nagios is one of the best tools we can find for building a monitoring server. Nagios is free, open source, modular, easy to use, and highly scalable. Initially, Nagios was designed for the Linux operating system, but it now runs on almost any UNIX-like operating system, including FreeBSD.

In this article we will discuss how to install Nagios and use a simple configuration for it. Of course, from the title you can infer that I use FreeBSD 8.3.

Installation

Installing Nagios is as easy as installing any FreeBSD port.

cd /usr/ports/net-mgmt/nagios
make install clean

Make sure you choose NETSNMP on nagios group and user. This allows Nagios to manage network using SNMP (Simple Network Management Protocol).

Autostart on Boot

To run Nagios automatically at boot time, we can edit /etc/rc.conf and add nagios_enable="YES" at the end of the file. Alternatively, we can invoke the following command:

echo 'nagios_enable="YES"' >> /etc/rc.conf

Running Simple Configuration

Configuration is simple. In fact, there is no need for us to write the configuration from scratch. Nagios provides a basic, ready-to-use configuration for generic situations. Using it is as simple as copying the files to the Nagios working directory. Here are the commands:

cd /usr/local/etc/nagios
cp cgi.cfg-sample cgi.cfg
cp nagios.cfg-sample nagios.cfg
cp resource.cfg-sample resource.cfg

cd /usr/local/etc/nagios/objects
cp commands.cfg-sample commands.cfg
cp contacts.cfg-sample contacts.cfg
cp localhost.cfg-sample localhost.cfg
cp printer.cfg-sample printer.cfg
cp switch.cfg-sample switch.cfg
cp templates.cfg-sample templates.cfg
cp timeperiods.cfg-sample timeperiods.cfg

Now check and make sure no errors occurred:

nagios -v /usr/local/etc/nagios/nagios.cfg

Next we need to make an administrator account for accessing the Nagios home page. We use the default password, which is nagiosadmin:

htpasswd -c /usr/local/etc/nagios/htpasswd.users nagiosadmin

Next, we need Apache to recognize Nagios. Therefore, edit httpd.conf using ee /usr/local/etc/apache22/httpd.conf and add the following text:

ScriptAlias /nagios/cgi-bin/ /usr/local/www/nagios/cgi-bin/
Alias /nagios /usr/local/www/nagios/

<Directory /usr/local/www/nagios>
   Options None
   AllowOverride None
   Order allow,deny
   Allow from all
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /usr/local/etc/nagios/htpasswd.users
   Require valid-user
</Directory>

<Directory /usr/local/www/nagios/cgi-bin>
   Options ExecCGI
   AllowOverride None
   Order allow,deny
   Allow from all
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /usr/local/etc/nagios/htpasswd.users
   Require valid-user
</Directory>

Now, restart the Apache.

The configurations are stored in /usr/local/etc/nagios/. If we want to use a configuration, we can simply rename or copy the .cfg-sample file to a .cfg file.

Before we play around with the files, it is better to back up the directory somewhere else. For example:

cd /usr/local/etc/nagios
mkdir /home/xathrya/nagios-samples/
cp * /home/xathrya/nagios-samples/
mv bigger.cfg-sample bigger.cfg
mv cgi.cfg-sample cgi.cfg
mv checkcommands.cfg-sample checkcommands.cfg
mv localhost.cfg-sample localhost.cfg
mv misccommands.cfg-sample misccommands.cfg
mv nagios.cfg-sample nagios.cfg
mv resource.cfg-sample resource.cfg

Now we have all the configuration files we need in /usr/local/etc/nagios.

Next, open the localhost.cfg file and adjust the settings to our network. This file instructs Nagios to monitor localhost (self-monitoring).

In this case, we have defined commands to monitor services on localhost, the contact information of the administrator/user for Nagios to notify, etc.

Later we will check whether Nagios reports any errors, using:

/usr/local/bin/nagios -v /usr/local/etc/nagios/nagios.cfg

If there is no error, you should get a message like this:

.........

.........
Total Warnings: 0
Total Errors: 0
Things look okay - No serious problems were detected during the pre-flight check

Now we start Nagios with the following command:

/usr/local/bin/nagios /usr/local/etc/nagios/nagios.cfg &

Now open a browser and go to the Nagios URL. In my case, my machine has the IP address 192.168.3.11, so I can access Nagios at http://192.168.3.11/nagios.

And that’s it. You now have Nagios monitoring your network.

The post Installing Nagios for Monitoring on FreeBSD 8.3 appeared first on Xathrya.ID.

Installing MySQL into FreeBSD

In a different article, we discussed how to configure MySQL on Slackware. In this article we will discuss how to install MySQL server on a FreeBSD machine.

If you want to build a web server (installing Apache and PHP), you might want to install the MySQL database first.

MySQL is well known as a reliable, free, open source database management system. Most web servers use MySQL as their database backend.

For this, I use FreeBSD 8.3 amd64, but you can use any FreeBSD version and platform you please. The MySQL we use is 5.5, as provided in the FreeBSD ports collection.

Installing the port

Installing MySQL is as easy as installing any port. Run the following commands:

cd /usr/ports/databases/mysql55-server
make install

If you are doing a fresh installation, you will be prompted with an installation options menu. The options I chose are listed here:

  1. OPENSSL (Enable SSL support)

You might also want to install the client:

cd /usr/ports/databases/mysql55-client
make install

The options I chose are listed here:

  1. OPENSSL (Enable SSL support)

Once you finish installing, you might find a mysqld script in /usr/local/etc/rc.d. MySQL will then store its data in /var/db/mysql.

Starting MySQL

/etc/rc.conf must contain the following line to allow the MySQL server to start

mysql_enable="YES"

Once this line is there you can run the start up script with

/usr/local/etc/rc.d/mysql-server start

Setting the root password

Normally, the MySQL root account and the anonymous account have no password on a fresh install. Therefore we need to set passwords on them. If not, MySQL will give anyone full access to the database server.

To set a password on the anonymous accounts use

mysql -u root
mysql> SET PASSWORD FOR ''@'localhost' = PASSWORD('newpwd');
mysql> SET PASSWORD FOR ''@'host_name' = PASSWORD('newpwd');

Note that mysql> is the prompt you get when you enter the MySQL console.

To set a password for the root account use

mysql -u root
mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('newpwd');
mysql> SET PASSWORD FOR 'root'@'host_name' = PASSWORD('newpwd');

Managing your MySQL server with phpMyAdmin

If you are too lazy to use the terminal and want to administer the database graphically, you can use phpMyAdmin. To do that, you have to install Apache and PHP first. With this tool, you can manage MySQL databases through a web interface. It allows you to perform SQL queries, create new databases, add users, change privileges, and back up and import data.

To install phpMyAdmin, you can invoke the following commands:

cd /usr/ports/databases/phpmyadmin
make install

The post Installing MySQL into FreeBSD appeared first on Xathrya.ID.

Password protecting directories with htaccess

Apache allows access to directories to be restricted unless overridden by a valid user name and password. Here you will see how to set it up in your config file, how to create the .htaccess file, and how to generate the password file for it.

Denying access in httpd.conf

The first step is to deny access to the directory in the httpd.conf file. To do this, the following must be added for the directory, or the default must be set to deny access.

<Directory "/usr/local/www/data/secret_dir">
    Options Indexes FollowSymLinks
    AllowOverride AuthConfig
    Order deny,allow
</Directory>

The above will deny access to the secret_dir and only allow it to be accessed if the person gains authorization by entering a username and password. We will set this up next.

At this point you need to restart Apache, since changes were made to the config file, so use

apachectl graceful

Creating an .htaccess file

The htaccess file specifies how a visitor can get authorized to access the directory. It is normally set up in the following way

AuthName "My Secret Directory"
AuthType Basic
AuthUserFile /usr/local/www/htaccess/.mypassfile
Require valid-user

AuthName is the text shown above the password prompt when the directory is accessed. AuthUserFile points to where the password file is stored; it can be placed anywhere as long as it is secure.

Generating the password file

Now that we have restricted access so that only users who have a valid username and password can get in, we need to set up some users. To do this we will use htpasswd. When creating a new file, the -c flag must be used, followed by the location of the file we are writing. The next argument is the user we are adding.

htpasswd -c /usr/local/www/htaccess/.mypassfile joe

In the above example we are creating a new password file called .mypassfile in the location we set above in the .htaccess, and are adding the user joe to it. Once you put in this command you will be asked for the password, and to confirm it.

To add another user to the same file we can use the same command without the -c

htpasswd .mypassfile kelly

For more options on encryption run htpasswd with the -h flag

$ htpasswd -h
Usage:
	htpasswd [-cmdpsD] passwordfile username
	htpasswd -b[cmdpsD] passwordfile username password

	htpasswd -n[mdps] username
	htpasswd -nb[mdps] username password
 -c  Create a new file.
 -n  Don't update file; display results on stdout.
 -m  Force MD5 encryption of the password.
 -d  Force CRYPT encryption of the password (default).
 -p  Do not encrypt the password (plaintext).
 -s  Force SHA encryption of the password.
 -b  Use the password from the command line
 -D  Delete the specified user.

If everything was done successfully a password prompt will come up when you try to access the protected directory, and you will only be allowed in if you enter a correct username and password from the password file.
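
As the usage text above shows, this htpasswd defaults to CRYPT, which uses only the first 8 characters of a password, while -p and -s store plaintext and unsalted SHA-1. The following shell script is an added example, not part of the original post: it classifies each entry of a password file by hash scheme and checks that the AuthUserFile path lies outside the DocumentRoot. The function names and sample entries are constructed for illustration, and /usr/local/www/data is assumed as the DocumentRoot.

```sh
#!/bin/sh
# Added example (not from the original post): audit an htpasswd setup.

# classify_htpasswd FILE: prints "user scheme flag" for every entry.
# flag is WEAK for schemes without a salted, iterated hash, "-" otherwise.
# The 13-character test for CRYPT is a heuristic on the stored string.
classify_htpasswd() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }
        {
            h = $2; flag = "WEAK"
            if (substr(h, 1, 4) == "$2y$" || substr(h, 1, 4) == "$2a$") {
                s = "bcrypt"; flag = "-"      # htpasswd -B, Apache 2.4 and later
            } else if (index(h, "$apr1$") == 1) {
                s = "apr1-md5"; flag = "-"    # htpasswd -m
            } else if (index(h, "{SHA}") == 1) {
                s = "sha1-unsalted"           # htpasswd -s
            } else if (length(h) == 13 && h ~ "^[./0-9A-Za-z]+$") {
                s = "des-crypt"               # htpasswd -d, first 8 characters only
            } else {
                s = "plaintext"               # htpasswd -p
            }
            print $1, s, flag
        }
    ' "$1"
}

# weak_users FILE: user names whose entry should be regenerated.
weak_users() {
    classify_htpasswd "$1" | awk '$3 == "WEAK" { print $1 }'
}

# auth_user_file FILE: path given to AuthUserFile (Apache directive names are
# case-insensitive, so AuthUSerFile matches as well).
auth_user_file() {
    awk 'tolower($1) == "authuserfile" { print $2; exit }' "$1"
}

# inside_docroot PATH DOCROOT: succeeds if PATH lies below DOCROOT, where the
# web server could serve the file. String comparison; symlinks are not resolved.
inside_docroot() {
    case "$1" in
        "${2%/}"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: the .htaccess from the text and a password file with one
# entry per storage scheme (hash values are made up).
make_htsample() {
    cat > "$1/.htaccess" <<'EOF'
AuthName "My Secret Directory"
AuthType Basic
AuthUserFile /usr/local/www/htaccess/.mypassfile
Require valid-user
EOF
    cat > "$1/.mypassfile" <<'EOF'
joe:rqXexS6ZhobKA
kelly:$apr1$r31xxxxx$CONSTRUCTEDxxxxxxxxxxxx
sam:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
pat:hunter2
EOF
}

tmp=$(mktemp -d)
make_htsample "$tmp"
classify_htpasswd "$tmp/.mypassfile"
pw=$(auth_user_file "$tmp/.htaccess")
if inside_docroot "$pw" /usr/local/www/data; then
    echo "EXPOSED: $pw is below the DocumentRoot"
fi
rm -rf "$tmp"
```

Entries flagged WEAK can be replaced by re-adding the user with htpasswd -m, the strongest scheme in the usage text above.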

The post Password protecting directories with htaccess appeared first on Xathrya.ID.

Install and Configure Apache Web Server and PHP5 in FreeBSD

Apache Web Server is well known as a robust and stable web server. Currently, most web servers use Apache. Apache 2.2 is simple yet has lots of modules available. Accompanied by the PHP5 scripting language, you have a good web server that is ready to run any web application.

In this article we will discuss how to install and configure Apache and PHP5 on FreeBSD. For this, I use FreeBSD 8.3 amd64, but you can use any FreeBSD version and platform you please. The Apache web server we use is 2.2, as provided in the FreeBSD ports collection.

You might also want to install MySQL beforehand.

Apache Web Server

Installing the port

Installing Apache 2.2 is as easy as installing any port. Run the following commands:

cd /usr/ports/www/apache22
make install

If you are doing a fresh installation, you will be prompted with an installation options menu. The options I chose are listed here:

  1. THREADS (Enable threads support in APR)
  2. MYSQL (Enable MYSQL support for apr-dbd)
  3. PGSQL (Enable PostgreSQL support for apr-dbd)
  4. SQLITE (Enable SQLite support for apr-dbd)
  5. IPV6 (Enable IPv6 support)
  6. BDB (Enable BerkeleyDB dbm)
  7. AUTH_BASIC (mod_auth_basic)
  8. AUTH_DIGEST (mod_auth_digest)
  9. AUTHN_ANON (mod_authn_anon)
  10. AUTHN_DBM (mod_authn_dbm)
  11. AUTHN_DEFAULT (mod_authn_default)
  12. AUTHN_FILE (mod_authn_file)
  13. AUTHZ_DBM (mod_authz_dbm)
  14. AUTHZ_DEFAULT (mod_authz_default)
  15. AUTHZ_GROUPFILE (mod_authz_groupfile)
  16. AUTHZ_HOST (mod_authz_host)
  17. AUTHZ_OWNER (mod_authz_owner)
  18. AUTHZ_USER (mod_authz_user)
  19. CACHE (mod_cache)
  20. DISK_CACHE (mod_disk_cache)
  21. FILE_CACHE (mod_file_cache)
  22. DAV (mod_dav)
  23. DAV_FS (mod_dav_fs)
  24. LDAP (Enable mod_ldap)
  25. ACTIONS (mod_actions)
  26. ALIAS (mod_alias)
  27. ASIS (mod_asis)
  28. AUTOINDEX (mod_autoindex)
  29. CERN_META (mod_cern_meta)
  30. CGI (mod_cgi)
  31. CHARSET_LITE (mod_charset_lite)
  32. DEFLATE (mod_deflate)
  33. DIR (mod_dir)
  34. DUMPIO (mod_dumpio)
  35. ENV (mod_env)
  36. EXPIRES (mod_expires)
  37. HEADERS (mod_headers)
  38. IMAGEMAP (mod_imagemap)
  39. INCLUDE (mod_include)
  40. INFO (mod_info)
  41. LOG_CONFIG (mod_log_config)
  42. LOGIO (mod_logio)
  43. MIME (mod_mime)
  44. MIME_MAGIC (mod_mime_magic)
  45. NEGOTIATION (mod_negotiation)
  46. REWRITE (mod_rewrite)
  47. SETENVIF (mod_setenvif)
  48. SPELING (mod_speling)
  49. STATUS (mod_status)
  50. UNIQUE_ID (mod_unique_id)
  51. USERDIR (mod_userdir)
  52. USERTRACK (mod_usertrack)
  53. VHOST_ALIAS (mod_vhost_alias)
  54. FILTER (mod_filter)
  55. VERSION (mod_version)
  56. SSL (mod_ssl)
  57. REQTIMEOUT (mod_reqtimeout)

Once the installation finishes, you will have a new script in /usr/local/etc/rc.d named apache22. You can use /usr/local/etc/rc.d/apache22 or apachectl to start the server. But before that, you need to add an enable line for Apache to your /etc/rc.conf file:

apache22_enable="YES"

Configuring Apache’s httpd.conf

The httpd.conf file contains almost all of the important configuration settings. Everything can be done here, from adding virtual hosts, to setting the log files, to setting .htm files to be parsed for PHP. You can open the httpd.conf file for editing with

ee /usr/local/etc/apache22/httpd.conf

The first thing you will need to change in the file to get your server going is the ServerName to the hostname you want to use for the server. If you do not have one you can use the IP address, or localhost. This will need to be followed by the port number.

ServerName www.yourdomain.com:80

In my case I use:

ServerName cluster0.xathrya.id:80

Currently in Apache 2.2.x the default directory is /usr/local/www/apache22 instead of the old default. You can change to the standard directory of /usr/local/www/data if you want. Just replace any /usr/local/www/apache22 with /usr/local/www/data in the file and then move the folder like this, if you do not have a previous version of Apache installed that has already created the directory.

mv /usr/local/www/apache22/* /usr/local/www/

You can do the replacement easily with sarep from the ports, using this command.

sarep "/usr/local/www/apache22" "/usr/local/www" httpd.conf

This is enough to get the server going so that you can check that it will run, so do that now.

Starting Apache

Apache is controlled with apachectl. Some examples of its usage are

apachectl start
apachectl restart
apachectl graceful
apachectl stop

The graceful option has the same result as restart; it just does it in a nice way, as opposed to restart forcefully restarting the server.

Before restarting or starting Apache it is best to run the configtest to check for errors in the httpd.conf

apachectl configtest

If this comes back OK then you are good to go. When starting, Apache will not tell you if the start was successful; the easiest way to check this is to restart it. If Apache failed to start up previously, it will tell you that Apache is not running when you perform the restart.

If Apache won’t start for an unknown reason, you can check the logs for error messages. The logs are located at /var/log/messages and /var/log/httpd-error.log, and you can check them with

tail /var/log/messages
tail /var/log/httpd-error.log

To check if you can get to the server just point your web browser to the machine and you should get a message telling you that Apache has been successfully installed.

Turning on the defaults

Many of the default settings are now included in a separate file and turned off by default. To use them, uncomment this part of your httpd.conf file.

# Various default settings
Include etc/apache22/extra/httpd-default.conf

Common Errors

The most common error when setting up Apache is the “cannot determine local host name” error. This error is caused by the hostname resolving to a different IP than the one it has. To check what your current hostname is use hostname. Then use nslookup on the hostname to get the IP and compare it to the IP that your machine is actually using with ifconfig. For example:

# hostname
	server.mydomain.com

# nslookup server.mydomain.com
	Non-authoritative answer:
	Name:   server.mydomain.com
	Address: 10.1.1.30

# ifconfig
	inet 192.168.0.5 netmask 0xffffff00

We can see here that the IP of the hostname does not match the real IP of the machine. A quick fix for this is to just add the hostname to your /etc/hosts file.

# ee /etc/hosts
	192.168.0.5	server.mydomain.com.

This will set the hostname to the IP assigned to your machine. Make sure you do not forget to put a . on the end when adding this line!

Another very common error is this one

[warn] (2)No such file or directory: Failed to enable 
the 'httpready' Accept Filter

It is caused by not having the accf_http kernel module loaded. Loading it is explained above.

Password Protecting Directories

Directories are also set to be password protected in the httpd.conf file. See the tutorial on password protecting directories with htaccess in Apache.

Encrypting Traffic with SSL

The data moving between the user and your server will be plain text unless you encrypt it. See the tutorial on setting up SSL with Apache 2.

PHP5

Installing PHP5 is as easy as installing any port. Run the following commands:

cd /usr/ports/lang/php5
make install

You can configure as you like. As a reference here is my configuration:

  1. CLI (Build CLI version)
  2. CGI (Build CGI version)
  3. APACHE (Build Apache module)
  4. SUHOSIN (Enable Suhosin protection system)
  5. IPV6 (Enable ipv6 support)
  6. LINKTHR (Link thread lib (for threaded extensions))

Make sure APACHE is ticked!

Now install PHP5 extensions by

cd /usr/ports/lang/php5-extensions
make install

Again, configuration is yours. Here is my list:

  1. BCMATH (bc style precision math functions)
  2. BZ2 (bzip2 library support)
  3. CTYPE (ctype functions)
  4. CURL (CURL support)
  5. DOM (DOM support)
  6. FILTER (input filter support)
  7. GD (GD library support)
  8. GMP (GNU MP support)
  9. HASH (HASH Message Digest Framework)
  10. ICONV (iconv support)
  11. JSON (JavaScript Object Serialization support)
  12. LDAP (OpenLDAP support)
  13. MYSQL (MySQL database support)
  14. PDO (PHP Data Objects Interface (PDO))
  15. PDO_SQLITE (PDO sqlite driver)
  16. PGSQL (PostgreSQL database support)
  17. PHAR (phar support)
  18. POSIX (POSIX-like functions)
  19. SESSION (session support)
  20. SIMPLEXML (simplexml support)
  21. SQLITE (sqlite support)
  22. SQLITE3 (sqlite3 support)
  23. TOKENIZER (tokenizer support)
  24. WDDX (WDDX support (implies XML))
  25. XML (XML support)
  26. XMLREADER (XMLReader support)
  27. XMLWRITER (XMLWriter support)
  28. ZIP (ZIP support)
  29. ZLIB (ZLIB support)

To make a configuration file for PHP, invoke this command:

cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini

Then edit Apache’s configuration file at /usr/local/etc/apache22/httpd.conf and add these:

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

In DirectoryIndex add the php extension so it looks something like this:

DirectoryIndex index.html index.php

Edit the language configuration file (/usr/local/etc/apache22/extra/httpd-languages.conf) and add the following line:

AddDefaultCharset On

Now restart Apache (or start it if you have not started it yet):

/usr/local/etc/rc.d/apache22 restart

The post Install and Configure Apache Web Server and PHP5 in FreeBSD appeared first on Xathrya.ID.

Getting to Know System Hardening (FreeBSD System)

Good evening, bro. Nice, it's already July. It doesn't feel like it, but my .ID domain is almost a year old, although I was once indecisive with a lot of domains back in the day and decided to focus on just this .ID domain. Oh yes, today I want to write a new post about hardening. Honestly, I only just learned the name of this technique myself. It started when I was idly browsing the archive of our elders "KECOAK Electronik" and came across an article about hardening. After reading it, I found the article quite good and decided to archive it on this blog too. OK, straight to the article, which was written by scut (Kecoak Elektronik).

What is System Hardening?

System hardening is the process of assessing or weighing the security architecture of an operating system, as well as the process of auditing (re-checking) whether the installed operating system is running properly or not. This is to anticipate several kinds of attacks that can be carried out against the operating system. Such attacks can be carried out by an attacker when many flaws (vulnerable) are found in the operating system.

System hardening can more or less be summed up as the first step in defending against and evaluating attacks carried out against the operating system (computer). This includes:

1. Checking after the initial installation process
2. Optimizing the operating system before it is connected to the internet
3. Routinely checking whether patching (additions) is needed for the supporting facilities in the operating system and its applications.
4. Removing the flaws (vulnerabilities) that are found.

Why is 'System Hardening' important?

1. Because today's operating systems contain many flaws and tend to be insecure (insecure configuration) by default.
2. To apply the security standard (security policy) of the operating system.
3. To find security holes (security vulnerabilities) and prevent attacks that result from the discovery of new 'exploits'.
4. Because operating systems tend to develop dynamically, analysis and auditing are always needed.

Where to start?

First, 'get to know' the operating system you use. This covers the structure of the operating system, its characteristics, the types of supporting packages, and its stability.

Second, learn how to configure the operating system. This covers the security standards that must be understood for that operating system. Also study the earlier flaws (vulnerabilities) of that operating system, and promptly apply the additions (patching) for the existing flaws.

Third, understand that not all the 'services' or packages you install are fit for use (need to be used). Ideally you should remove the packages that are not needed and optimize the standard services the operating system requires before it is connected to the internet.

So what is FreeBSD System Hardening?

The meaning of FreeBSD System Hardening is not much different from what is described above. The aspects that 'I consider important' in FreeBSD System Hardening are:

* Root is in essence an unlimited ability to change (add and remove) configuration periodically and regularly. This includes adding and removing services that are considered necessary or unnecessary.

* By default, the FreeBSD configuration gives out information about several services in the operating system, and permits login access to the server from outside the network.

* The processes in the system allow users to see and identify all running processes, and they (the users) can then carry out attacks based on their analysis of the processes running in the operating system.

* By default FreeBSD provides several additional packages and services that are not really needed, and these unusable services should be removed promptly.

Hope this is useful, bro.

SOURCE