Revision as of 02:37, 4 May 2023 edit Cedar101 (talk \| contribs) Extended confirmed users 18,557 edits m →Passwords: lang="unixconfig" ← Previous edit		Revision as of 02:38, 4 May 2023 edit undo Cedar101 (talk \| contribs) Extended confirmed users 18,557 edits m →Services: {{sxhl}} Next edit →
Line 95: This approach is usually called ''proactive security''. There are some operating systems which are ''secure by default''. Amongst others, the free BSD flavours ([[FreeBSD]], [[NetBSD]], and [[OpenBSD]]) are proactively secure. For example, the output of netstat on a NetBSD 3.0 workstation clearly outlines this technique: {{sxhl\|2=console\| $ netstat -a Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 localhost.smtp . LISTEN tcp 0 0 .ssh .* LISTEN Active Internet6 connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp6 0 0 localhost.smtp . LISTEN tcp6 0 0 .ssh .* LISTEN Active UNIX ___domain sockets Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr c0d10d80 dgram 0 0 0 c0cd8680 0 c0cb7000 -> /var/run/log c0cb7000 dgram 0 0 0 c0cd8680 0 0 -> /var/run/log c0cd8680 dgram 0 0 cb9639e8 0 c0d10d80 0 /var/run/log }} The following example from a BSD system {{sxhl\|2=console\| $ sockstat -4 USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS root sendmail 569 4 tcp localhost.smtp . root sshd 593 4 tcp .ssh .* }} shows that on this machine only the [[Secure shell\|SSH]] service is listening to all public network interfaces of the computer. [[sendmail]] is listening to the [[loopback]] [[Network interface controller\|interface]] only. Access to a service may be further restricted by using a [[Unix security#Firewalls\|firewall]].

Unix security: Difference between revisions