Conducting a FreeBSD Security Audit

1. System Information Gathering

Identify system version and patch level
freebsd-version -ku
List installed packages and their versions
pkg info
Check for outdated packages
pkg audit -F

2. User and Group Management

Review user accounts
cat /etc/passwd
Check for accounts with empty passwords
awk -F: '($2 == "") {print $1}' /etc/master.passwd
Review sudo configuration
visudo

3. File System Security

Check for world-writable files and directories
find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print
Identify files with SUID/SGID bit set
find / -xdev \( -perm -4000 -o -perm -2000 \) -type f -print
Review mount options
mount

4. Network Security

List open ports and associated services
sockstat -4 -l
Review firewall rules
pfctl -s rules
Check SSH configuration
cat /etc/ssh/sshd_config

5. Service and Process Audit

List running services
service -e
Review cron jobs
ls /var/cron/tabs /etc/crontab /etc/cron.d
Check for unauthorized SUID/SGID binaries
find / -type f \( -perm -4000 -o -perm -2000 \) -print

6. Logging and Monitoring

Verify syslog configuration
cat /etc/syslog.conf
Check auditd configuration
cat /etc/security/audit_control
Review last logins
last

7. Kernel Security

Review kernel security settings
sysctl security
Check for loaded kernel modules
kldstat

8. Application-specific Security

Review web server configurations (if applicable)
cat /usr/local/etc/apache24/httpd.conf or cat /usr/local/etc/nginx/nginx.conf
Check database security settings (if applicable)
cat /var/db/mysql/my.cnf or cat /usr/local/etc/postgresql/postgresql.conf

Note:

This audit checklist provides a starting point for assessing your FreeBSD server's security. Depending on your specific environment and requirements, you may need to perform additional checks or use specialized tools for a more comprehensive audit.

Additional Resources