Initial Hardening of the operating system

 

IMPORTANT NOTE:  This document is based on FreeBSD.  The concepts should be similar across operating systems, but the commands will very likely be different.  Also, never assume the directory structures exist in your system as written in the document.  Never blindly follow security instructions -- read, review, compare, apply as it fits your system.

The steps noted below will increase the level of hardening of your operating system.

These steps will remove groups and users not used by Internet servers, and set appropriate permissions for system programs.  Please note that when you see a zero (0) in the last chmod permission bit, it means that the world has no permission.

Log into each server as root.

Then copy and paste the following to your command line to execute (please double check directory locations as applicable):

3.  Modify Kernel settings to increase security:

sysctl -w kern.securelevel=2
sysctl -w net.inet.tcp.log_in_vain=1
sysctl -w net.inet.udp.log_in_vain=1

4.  Edit /etc/defaults/rc.conf and /etc/rc.conf and make the following changes:

icmp_drop_redirect="YES"
icmp_log_redirect="YES"
kern_securelevel_enable="YES"
kern_securelevel="2"
tcp_extensions="NO"
tcp_keepalive="YES"
icmp_bmcastecho="NO"
icmp_bandlim="YES"

5.  Edit /etc/sysctl.conf and make the following changes:

net.inet.tcp.log_in_vain=1
net.inet.udp.log_in_vain=1
kern.securelevel=2
net.inet.ip.check_interface=1
net.inet.tcp.recvspace=65535
net.inet.tcp.sendspace=65535
kern.fallback_elf_brand=3
net.inet.tcp.syncookies=0
net.inet.icmp.bmcastecho=0
net.inet.icmp.maskrepl=0
net.inet.icmp.icmplim=200
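
After a reboot it is worth confirming that the values from step 5 actually took effect. The following check is an added example, not part of the original document; the function name audit_sysctl and its file arguments are hypothetical, and it assumes FreeBSD's "key: value" sysctl output format when reading captured output.

```shell
#!/bin/sh
# Added example, not from the original page. audit_sysctl and its file
# arguments are hypothetical names.
#
# audit_sysctl EXPECTED_CONF [CAPTURED_OUTPUT]
#   EXPECTED_CONF   key=value lines in sysctl.conf syntax
#   CAPTURED_OUTPUT optional "key: value" lines as FreeBSD sysctl prints
#                   them; when omitted, the live system is queried
# Prints one line per finding; the return status is the failure count.
audit_sysctl() {
    expected=$1
    captured=${2:-}
    failures=0
    while IFS='=' read -r key want; do
        case $key in ''|'#'*) continue ;; esac   # skip blanks and comments
        if [ -n "$captured" ]; then
            have=$(awk -F': ' -v k="$key" '$1 == k { print $2; exit }' "$captured")
        else
            have=$(sysctl -n "$key" 2>/dev/null) || have=
        fi
        if [ -z "$have" ]; then
            echo "MISSING  $key (expected $want)"
            failures=$((failures + 1))
        elif [ "$key" = "kern.securelevel" ]; then
            # A running system only lets securelevel be raised, so a
            # value above the configured one still passes.
            if [ "$have" -lt "$want" ]; then
                echo "LOW      $key=$have (expected at least $want)"
                failures=$((failures + 1))
            fi
        elif [ "$have" != "$want" ]; then
            echo "MISMATCH $key=$have (expected $want)"
            failures=$((failures + 1))
        fi
    done < "$expected"
    return "$failures"
}

# Constructed sample: three settings from step 5 against captured output
# from a hypothetical host.
tmp=$(mktemp -d)
printf '%s\n' 'kern.securelevel=2' 'net.inet.tcp.syncookies=0' \
    'net.inet.icmp.maskrepl=0' > "$tmp/expected.conf"
printf '%s\n' 'kern.securelevel: 3' 'net.inet.tcp.syncookies: 1' \
    > "$tmp/captured.txt"
audit_sysctl "$tmp/expected.conf" "$tmp/captured.txt" || echo "failed checks: $?"
rm -rf "$tmp"
```

On a live server, run audit_sysctl /etc/sysctl.conf with no second argument to compare the file against the running kernel.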

IMPORTANT NOTE:  This document and all linked documents are being provided as a goodwill gesture to the Parallels H-Sphere community and to others who may benefit from their use.  Dynamic Net, Inc. makes no representations, implied or explicit, as to their value or warranty. Dynamic Net, Inc. will not be held liable for any damage resulting from the application of the steps and procedures noted.  If you feel uncomfortable at all about doing any of the steps, make a complete system backup and hire a third party like We Manage Servers to do the work for you.

 

 
 
