Securing the Console

Securing the physical server console itself involves both physical security and security settings on the software. Ideally, your server should be locked in a room that only trusted administrators have access to. However, this is not always feasible in a small office. By default, however, FreeBSD allows root access to the console in single user mode without providing a password. If the server cannot be physically secured, it is important to change this. This is done by editing the file /etc/ttys. Look for the line that says

console none        unknown off secure

Change it so that it reads

console none        unknown off insecure

This will prevent FreeBSD from allowing someone to boot in to single user mode without supplying a password. ...

Get Sams Teach Yourself FreeBSD® in 24 Hours now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.