What would take an experienced operator an hour or so can be done in seconds with backups, logs, syntax checking, Zenbleed workaround, visual man hier
, and desktop wallpapers. I also want to say after testing almost every BSD that if you've not tried GhostBSD yet, you should. It's first class.
I spent a couple days testing my script against the default latest GhostBSD install and one thing I want to bring up first thing is that Firefox and Chromium are using writable shared memory access which the security community sees a definite vulnerability no matter what the software is, except maybe databases, but web browser shared memory is the worst!
As it is, the only browsers that passed my security settings are Qutebrowser and Librewolf.
pkg install librewolf
If you do decide that a secure GhostBSD is for you, please do not disable the settings to run Chromium! Only recently has Firefox brought this insecurity back after removing it on all platforms and I expect them to remove the vulnerability again soon.
However, right now Chrome has a slew of high CVE's attributed to them. Most of our lives go through the web browser: Bank Accounts. Federal Documents, etc. so there you have it.
https://github.com/wravoc/harden-ghostbsd
Backup:
https://bitbucket.org/quadhelion-engineering/harden-ghostbsd