Chapter 13. Security

Rewritten by Tom Rhodes.
Table of Contents
13.1. Synopsis
13.2. Introduction
13.3. One-time Passwords
13.4. TCP Wrapper
13.5. Kerberos
13.6. OpenSSL
13.7. VPN over IPsec
13.8. OpenSSH
13.9. Access Control Lists
13.10. Monitoring Third Party Security Issues
13.11. FreeBSD Security Advisories
13.12. Process Accounting
13.13. Resource Limits
13.14. Shared Administration with Sudo

13.1. Synopsis

Security, whether physical or virtual, is a topic so broad that an entire industry has evolved around it. Hundreds of standard practices have been authored about how to secure systems and networks, and as a user of FreeBSD, understanding how to protect against attacks and intruders is a must.

In this chapter, several fundamentals and techniques will be discussed. The FreeBSD system comes with multiple layers of security, and many more third party utilities may be added to enhance security.

After reading this chapter, you will know:

  • Basic FreeBSD system security concepts.

  • The various crypt mechanisms available in FreeBSD.

  • How to set up one-time password authentication.

  • How to configure TCP Wrapper for use with inetd(8).

  • How to set up Kerberos on FreeBSD.

  • How to configure IPsec and create a VPN.

  • How to configure and use OpenSSH on FreeBSD.

  • How to use file system ACLs.

  • How to use pkg to audit third party software packages installed from the Ports Collection.

  • How to utilize FreeBSD security advisories.

  • What Process Accounting is and how to enable it on FreeBSD.

  • How to control user resources using login classes or the resource limits database.

Before reading this chapter, you should:

  • Understand basic FreeBSD and Internet concepts.

Additional security topics are covered elsewhere in this Handbook. For example, Mandatory Access Control is discussed in Chapter 15, Mandatory Access Control, and Internet firewalls are discussed in Chapter 30, Firewalls.
