RE: Change root user name? possible?
There are far better and less problematic ways to increase the security of a system. If you haven't already, look at man 7 security. Disable SSH root login and turn off telnet to remove the ability of a remote root login at the very least.

Jason

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ara Avvali
Sent: Wednesday, August 25, 2004 4:51 PM
To: [EMAIL PROTECTED]
Subject: Change root user name? possible?

Sorry if this might sound crazy, but is there any way to rename root account to something else for extra security?

Thank you

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: Customized/automated FreeBSD Installations....
Hello Forrest,

Take a look at the "FreeBSD From Scratch" article by Jens Schweikhardt at http://www.freebsd.org/doc/en_US.ISO8859-1/articles/fbsd-from-scratch/index.html.

"This article describes my efforts at FreeBSD From Scratch: a fully automated installation of a customized FreeBSD system compiled from source, including compilation of all your favorite ports and configured to match your idea of the perfect system. If you think make world is a wonderful concept, FreeBSD From Scratch extends it to make evenmore."

It should at least get you going on the right path.

Jason

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Forrest Aldrich
Sent: Friday, August 20, 2004 9:21 PM
To: [EMAIL PROTECTED]
Subject: Customized/automated FreeBSD Installations

I've been Googling for some information on this (and the Handbook).

We have a scenario whereby we'll be building (over time) several mostly-identical systems. There are similar tasks that will need to be performed on those systems (copying over accounts, passwords, home directories), and certain *.conf changes, etc.

There has to be a decent way to accomplish this, other than manually per-system or having to build a make-release with some customizations. I have seen GNU CFEngine, but it seems like overkill.

I'd appreciate some recommendations/pointers.

Thanks!
RE: securing postgresql on fbsd
It looks like you configured the tunnel to point to the public host (dbsrv1) and configured PostgreSQL to only listen on the loopback 127.0.0.1.

Try tunneling to 127.0.0.1:5432 instead of dbsrv1.

Something like

ssh -L 5001:127.0.0.1:5432 [EMAIL PROTECTED]

Jason

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Bear
Sent: Thursday, August 19, 2004 12:38 PM
To: [EMAIL PROTECTED]
Subject: securing postgresql on fbsd

This is not strictly a freebsd question, but this group is the smartest around...

So I've installed postgresql on freebsd 4.10-rel. I want to secure ALL connections to postgres through ssh. So I first configured postgresql to connect ONLY to 127.0.0.1 port 5432. Then, when attempting to ssh to tunnel to it from another machine I got an error:

---
Aug 19 10:31:12 dbsrv1 sshd[157]: Accepted publickey for iddwb from
+129.219.69.200 port 33068 ssh2
Aug 19 10:31:40 dbsrv1 sshd[159]: error: connect_to 129.219.69.206 port 5432:
+Connection refused
Aug 19 10:31:40 dbsrv1 sshd[159]: error: connect_to dbsrv1.pp.asu.edu port 5432:
+failed.

So it looks like I wasn't building the tunnel correctly. From the remote host connecting to the freebsd postgresql server I was using:

ssh -L 5001:dbsrv1:5432 [EMAIL PROTECTED]

But it looks like that is forbidden to connect to 'localhost' on the remote machine, i.e. on dbsrv1.

I was able to get postgresql to bind to all adapters, and connect to it using the above tunnel. But then I have an open port on dbsrv1 that anyone can connect to... i.e. I can straight telnet dbsrv1 5432 and reach it unencrypted. It binds to a public interface, and I don't want that.

I know postgresql has an ssl option, but I was hoping to just use ssh tunneling.

Hoping this makes sense, I'm wondering what other freebsd users have done to secure postgresql? Or how to make ssh tunnel 'all the way through to the remote "localhost"'..

--
David Bear
phone: 480-965-8257
fax: 480-965-9189
College of Public Programs/ASU
Wilson Hall 232
Tempe, AZ 85287-0803
"Beware the IP portfolio, everyone will be suspect of trespassing"

----- End forwarded message -----
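
The two checks this thread turns on, as an added example that is not part of the original messages: whether a port is listening on anything other than loopback, and which host an `ssh -L` spec asks sshd to connect to from the server side. The function names are hypothetical and the `sockstat -4l` listings are constructed samples.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# Constructed `sockstat -4l` output: PostgreSQL bound to loopback only.
SAMPLE_LOOPBACK='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
pgsql    postgres   412   3  tcp4   127.0.0.1:5432        *:*
root     sshd       157   4  tcp4   *:22                  *:*'

# Constructed output for the "bind to all adapters" setup from the question.
SAMPLE_EXPOSED='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
pgsql    postgres   412   3  tcp4   *:5432                *:*
root     sshd       157   4  tcp4   *:22                  *:*'

# exposed_listeners PORT: read sockstat output on stdin and print every
# non-loopback local address listening on PORT (no output = loopback only).
exposed_listeners() {
    awk -v port="$1" '
        NR > 1 {
            n = split($6, part, ":")     # $6 is LOCAL ADDRESS, e.g. 127.0.0.1:5432
            if (part[n] != port) next
            addr = substr($6, 1, length($6) - length(part[n]) - 1)
            if (addr !~ /^127\./) print addr
        }'
}

# forward_host SPEC: print the destination host of "lport:host:hostport".
# sshd opens this connection itself, on the server, after the tunnel is up.
forward_host() {
    printf '%s\n' "$1" | awk -F: 'NF == 3 { print $2 }'
}

# forward_reaches_loopback SPEC: succeed only if the destination is loopback,
# which is the only address a loopback-bound service accepts connections on.
forward_reaches_loopback() {
    case "$(forward_host "$1")" in
        127.*|localhost) return 0 ;;
        *) return 1 ;;
    esac
}

for spec in 5001:dbsrv1:5432 5001:127.0.0.1:5432; do
    if forward_reaches_loopback "$spec"; then verdict="targets loopback on the server"
    else verdict="targets a non-loopback address"; fi
    echo "ssh -L $spec -> $verdict"
done
echo "non-loopback listeners on 5432 (all adapters): $(printf '%s\n' "$SAMPLE_EXPOSED" | exposed_listeners 5432)"
```

On the server, `sockstat -4l | exposed_listeners 5432` runs the same check against the live sockets.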