On 2023-04-26, jonathon575 <jonathon...@protonmail.com> wrote:
> The services in the file rc.conf are kept in its default state which is
> mostly disabled. The binary files sshd, portmap, ntpd are deleted from the
> /bin directory. Other binary files telnet, ssh, scp, sftp are removed to
> prevent any file transfer from the firewall to the LAN network.

That is pointless, if an attacker is on the system they can use shell
built-ins to write new binaries to disk. Better keep the tools which you
need to maintain and administer the system.

You talk about IDS/IPS a few times. Software doing that is often pretty
damn scary and often runs with high privileges. I would be way more
concerned about running that than say sshd.

-- 
Please keep replies on the mailing list.