Chapter 14. Security

Rewritten by Tom Rhodes.
Table of Contents
14.1. Synopsis
14.2. Introduction
14.3. One-time Passwords
14.4. TCP Wrapper
14.5. Kerberos
14.6. OpenSSL
14.7. VPN over IPsec
14.8. OpenSSH
14.9. Access Control Lists
14.10. Monitoring Third Party Security Issues
14.11. FreeBSD Security Advisories
14.12. Process Accounting
14.13. Resource Limits
14.14. Shared Administration with Sudo

14.1. Synopsis

Security, whether physical or virtual, is a topic so broad that an entire industry has evolved around it. Hundreds of standard practices have been authored about how to secure systems and networks, and FreeBSD users must understand how to protect against attacks and intruders.

This chapter discusses several fundamentals and techniques. The FreeBSD system comes with multiple layers of security, and many more third-party utilities may be added to enhance security.

After reading this chapter, you will know:

  • Basic FreeBSD system security concepts.

  • The various crypt mechanisms available in FreeBSD.

  • How to set up one-time password authentication.

  • How to configure TCP Wrapper for use with inetd(8).

  • How to set up Kerberos on FreeBSD.

  • How to configure IPsec and create a VPN.

  • How to configure and use OpenSSH on FreeBSD.

  • How to use file system ACLs.

  • How to use pkg to audit third party software packages installed from the Ports Collection.

  • How to utilize FreeBSD security advisories.

  • What Process Accounting is and how to enable it on FreeBSD.

  • How to control user resources using login classes or the resource limits database.

Before reading this chapter, you should:

  • Understand basic FreeBSD and Internet concepts.

Additional security topics are covered elsewhere in this Handbook. For example, Mandatory Access Control is discussed in Chapter 16, Mandatory Access Control, and Internet firewalls are discussed in Chapter 31, Firewalls.
