Network Security

To get a list of listening network ports, run the following:

# sockstat -4

Disable any ports that are not necessary. To do so, kill the PID shown by sockstat. The only port that your server must be listening on is SSH (22/tcp); which other ports need to be listening depends on the specific purpose of your dedicated server. Note that killing the PID of a process does not prevent your server from starting the same service again at boot. To disable services, see below.

FreeBSD uses the file /etc/rc.conf, as well as the /usr/local/etc/rc.d directory. The rc.conf manpage lists all the programs that you can start and stop via rc.conf. Any file in the /usr/local/etc/rc.d directory that ends with the .sh file extension will be executed at startup. To keep a script from executing at startup, rename the file so that it has a different extension:

# mv server-startup.sh server-startup.sh.disabled
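
The port review described above can be scripted. This is an added example, not part of the original page: it reads sockstat output and reports every listener that is not on an allowlist. The ALLOWED list, the function name and the sample output are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: flag listening sockets that are not on an allowlist.
# ALLOWED is a hypothetical allowlist of proto:port pairs; 22/tcp is the
# only port the text above says must be listening.
ALLOWED="tcp:22"

# Reads sockstat output on stdin and prints "proto:port command pid" for
# every listener not in ALLOWED. On a FreeBSD host:
#   sockstat -4 -l | unexpected_listeners
unexpected_listeners() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR == 1 && $1 == "USER" { next }           # skip the header line
        $7 != "*:*" { next }                       # a peer address means not a listener
        {
            proto = $5; sub(/[46]+$/, "", proto)   # tcp4 -> tcp
            port = $6;  sub(/^.*:/, "", port)      # 127.0.0.1:25 -> 25
            key = proto ":" port
            if (!(key in ok)) print key, $2, $3
        }'
}

# Constructed sample of sockstat -4 output (not captured from a real host).
SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   4  tcp4   *:22                  *:*
root     sshd       2210  5  tcp4   192.0.2.10:22         203.0.113.7:51234
root     sendmail   790   3  tcp4   127.0.0.1:25          *:*
www      httpd      1033  4  tcp4   *:80                  *:*
root     syslogd    650   7  udp4   *:514                 *:*'

printf '%s\n' "$SAMPLE" | unexpected_listeners
```

Each reported line names the command and PID to investigate; a service that should stay off must also be disabled at startup, as described above.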

