Chapter 3. Secure Installation and Hardening

So the combination is one, two, three, four, five. That’s the stupidest combination I’ve ever heard in my life. That’s the kinda thing an idiot would have on his luggage.

—Dark Helmet Spaceballs

Securing a system doesn’t necessarily begin with a running system. Given the option, it’s a good idea to start thinking about system security early on: before and during installation. In this chapter, we step through the installation process for both OpenBSD and FreeBSD and address some of the security implications of your early decisions.


If you are not comfortable with the install process for either operating system, now is the perfect time to read the relevant documentation. For FreeBSD, read Chapter 2 of the Handbook. For OpenBSD, see section 4 of the FAQ. If you have not signed up for the FreeBSD and OpenBSD security lists, do so immediately. Links to these lists are available in Section 3.8 at the end of this chapter.

Throughout this chapter we will be following the fundamental security principles laid out in Chapter 1 of this book. Keep in mind that in the context of system security it’s not always true that “more is better.” The consequences of increased security often include greater administrative overhead in maintenance and installation, more complicated configuration, and a general decrease in flexibility and convenience. Balance the trade-offs appropriately for your environment to arrive at a solution that meets both your usability ...

Get Mastering FreeBSD and OpenBSD Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.