Hardening FreeBSD

Various useful security settings for FreeBSD.

Some things to remember – unfortunately far from being complete.


Kernel securelevel: lowest is -1, highest is 3.

Set it to the highest:

# echo kern_securelevel_enable=\"YES\" >> /etc/rc.conf
# echo kern_securelevel=3 >> /etc/rc.conf

Open Ports

Check open ports using

# sockstat -4
# sockstat -6


In /usr/X11R6/bin/startx, add the -nolisten tcp argument so that the file contains

serverargs="-nolisten tcp"

Check with sockstat that port 6000 is no longer open.


If you don’t need logging from remote machines, change the /etc/rc.conf file by typing

# echo syslogd_enable=\"YES\" >> /etc/rc.conf
# echo syslogd_flags=\"-ss\" >> /etc/rc.conf

Clear /tmp

To clear the /tmp directory at startup, run

# echo clear_tmp_enable=\"YES\" >> /etc/rc.conf
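
As an added example (not part of the original page), this sh script reports the effective value of the rc.conf variables set above. Each echo >> appends a line and rc.conf is read as shell, so the last assignment of a variable wins. The function names rc_value and audit_rc are made up for this example.

```sh
# Added example, not from the original page: audit an rc.conf-style file
# against the values this page writes. Function names are hypothetical.

# rc_value FILE NAME: print the last value assigned to NAME, quotes removed.
rc_value() {
    awk -v name="$2" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, name "=") != 1) next    # also skips comments
            val = substr(line, length(name) + 2)
            q = substr(val, 1, 1)
            if (q == "\"" || q == "\047") {         # quoted value
                val = substr(val, 2)
                e = index(val, q)
                if (e) val = substr(val, 1, e - 1)
            } else {
                sub(/[ \t].*$/, "", val)            # bare word
            }
            last = val                              # later lines override
        }
        END { print last }
    ' "$1"
}

# audit_rc FILE: print PASS/FAIL per setting; return 1 if any setting fails.
audit_rc() {
    rc=0
    while read -r name want; do
        got=$(rc_value "$1" "$name")
        # rc.subr accepts yes/true/on/1 in any case for boolean knobs
        case "$want:$got" in
            YES:[Yy][Ee][Ss]|YES:[Tt][Rr][Uu][Ee]|YES:[Oo][Nn]|YES:1) got=YES ;;
        esac
        if [ "$got" = "$want" ]; then
            echo "PASS $name=$got"
        else
            echo "FAIL $name=${got:-<unset>} (page sets $want)"
            rc=1
        fi
    done <<EOF
kern_securelevel_enable YES
kern_securelevel 3
syslogd_flags -ss
clear_tmp_enable YES
EOF
    return $rc
}

# When a file is given as the first argument (e.g. /etc/rc.conf), audit it.
if [ -n "${1:-}" ]; then audit_rc "$1"; fi
```

A FAIL on a variable that was appended more than once means a later line overrides the intended value.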

Prevent Remote Login

To prevent all remote login and allow only physical login change /etc/login.access to allow

