Unix security: Difference between revisions

try to remove syntax highlighting errors
hmmm, try simple indented block

This approach is usually called ''proactive security''. Some operating systems are ''secure by default''; among others, the free BSD flavours ([[FreeBSD]], [[NetBSD]], and [[OpenBSD]]) are proactively secure. For example, the output of netstat on a NetBSD 3.0 workstation clearly shows this approach: the only listening TCP sockets belong to SMTP on the loopback address and to SSH:

<syntaxhighlight lang="bash">
$ netstat -a
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        State
tcp        0      0  localhost.smtp         *.*                    LISTEN
tcp        0      0  *.ssh                  *.*                    LISTEN
Active Internet6 connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp6       0      0  localhost.smtp         *.*                    LISTEN
tcp6       0      0  *.ssh                  *.*                    LISTEN
Active UNIX ___domain sockets
Address  Type   Recv-Q Send-Q    Inode     Conn     Refs  Nextref Addr
c0d10d80 dgram       0      0        0 c0cd8680        0 c0cb7000 -> /var/run/log
c0cb7000 dgram       0      0        0 c0cd8680        0        0 -> /var/run/log
c0cd8680 dgram       0      0 cb9639e8        0 c0d10d80        0 /var/run/log
</syntaxhighlight>
The following example from a BSD system

<syntaxhighlight lang="bash">
$ sockstat -4
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   569   4  tcp    localhost.smtp        *.*
root     sshd       593   4  tcp    *.ssh                 *.*
</syntaxhighlight>
shows that on this machine only the [[Secure shell|SSH]] service is listening on all of the computer's network interfaces (the wildcard local address *.ssh), while [[sendmail]] is bound to the [[loopback]] [[Network interface controller|interface]] only (localhost.smtp). Access to a service may be further restricted by using a [[Unix security#Firewalls|firewall]].
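The check that the two listings illustrate, as an added example that is not part of the article: a POSIX shell script that reads the same netstat -a and sockstat -4 output formats shown above and reports which sockets are bound to the wildcard address (reachable on every interface) and which are loopback-only. The sample output is constructed inline, with an extra, hypothetical httpd line added so the check has something to flag.

```shell
#!/bin/sh
# Added example, not the article's own code. Sample output is constructed to
# match the netstat/sockstat formats above; the "httpd" line is hypothetical.

SAMPLE_NETSTAT='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        State
tcp        0      0  localhost.smtp         *.*                    LISTEN
tcp        0      0  *.ssh                  *.*                    LISTEN
tcp        0      0  *.http                 *.*                    LISTEN'

SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   569   4  tcp    localhost.smtp        *.*
root     sshd       593   4  tcp    *.ssh                 *.*
www      httpd      701   4  tcp    *.http                *.*'

# netstat -a: a TCP/TCP6 socket in LISTEN state whose local address begins
# with "*." is bound to the wildcard address, i.e. reachable on every interface.
netstat_public_listeners() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" && $4 ~ /^\*\./ { print $4 }'
}

# sockstat -4: same test on the LOCAL ADDRESS column (field 6); sockstat also
# names the owning process, so print "command address". Header line skipped.
sockstat_public_listeners() {
    awk 'NR > 1 && $6 ~ /^\*\./ { print $2, $6 }'
}

# Sockets bound to the loopback interface only, the proactive default that
# the article shows for sendmail.
sockstat_loopback_listeners() {
    awk 'NR > 1 && ($6 ~ /^localhost\./ || $6 ~ /^127\.0\.0\.1\./) { print $2, $6 }'
}

# On a live BSD host, pipe the real commands instead of the samples, e.g.
#   netstat -a | netstat_public_listeners
#   sockstat -4 | sockstat_public_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | netstat_public_listeners
printf '%s\n' "$SAMPLE_SOCKSTAT" | sockstat_public_listeners
```

Anything reported by the public-listener functions other than the services you intend to expose is a candidate for binding to the loopback address or for a firewall rule.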