1. Secure Mount Points2. Scan for SUID and SGID Programs3. Scan for World- and Group-Writable Directories4. Create Flexible Permissions Hierarchies with POSIX ACLsEnabling ACLsManaging ACLs5. Protect Your Logs from Tampering6. Delegate Administrative Roles7. Automate Cryptographic Signature Verification8. Check for Listening Services9. Prevent Services from Binding to an Interface10. Restrict Services with Sandboxed EnvironmentsUsing chroot()Using FreeBSD’s jail()11. Use proftpd with a MySQL Authentication SourceSee Also12. Prevent Stack-Smashing Attacks13. Lock Down Your Kernel with grsecurityPatching the KernelConfiguring Kernel OptionsLow securityMedium securityHigh securityCustomized security settings14. Restrict Applications with grsecurity15. Restrict System Calls with systrace16. Create systrace Policies Automatically17. Control Login Access with PAMLimiting Access by OriginRestricting Access by Time18. Restrict Users to SCP and SFTPSetting Up rsshConfiguring chroot()19. Use Single-Use Passwords for AuthenticationOPIE Under FreeBSDS/Key Under OpenBSD20. Restrict Shell Environments21. Enforce User and Group Resource Limits22. Automate System Updates