Secure Freebsd

[linuxcomando]

I not a big fan of writing tutorials because the way i see it most of the information is already out there and probley writen better then i could have anyway.

However, with the rise of script kiddies i thought i would throw this out. Several of my/clients webservers run on freebsd. The main reason for this is the jail command.
Man Page

Its been around since freebsd 4.2 i think i forget though so dont complain to me if its wrong.
What does it do? You can have it so your actually running another freebsd file system on top of the orignal root file system

so like if user log in through ssh. To them it would be / but in reallity it would be /jail/
Whats cool is no process in that file system actually affect the real file system. So if on the host system you did a chflags +i plus use kernel secuity levels you could make it so that no file could be deleted,changed,modified no matter what!......and say you have apache,ssh,ftp, all open and a new exploit comes out, they would all be running in the jail so if they got root they would have root in the jail and not the actual system. But since they couldnt change any files it would really matter anyway. I could go on for days on how you can make a damn near unhackable server but this was just a public anouncement i suppose.

You want to know how secure it is? I had a server set up at defcon 10 and 11 and gave the root access over ssh to damn near 40-50 pretty illeat peps and they didnt even dent it.
There has been one exploit but that was for 4.3. If there are any other one i would be greatful to be aware of them.

If you have any questions IM me

[pwaring]

Erm, where is the tutorial element in this thread? You haven't shown anyone how to setup jail, FreeBSD or anything else.