In this web content, the author provides a list of hardening techniques for securing an OpenBSD workstation. They explain the threat model behind each change and note that while some tweaks may be overkill for most users, they may be appropriate in certain contexts. Some key recommendations include removing oneself from the wheel group to prevent privilege escalation, implementing multiple-factor authentication, setting home directory permissions, configuring the OpenBSD firewall to block inbound and filter outbound traffic, disabling network access by default, living in a temporary file-system, and disabling certain hardware devices like webcams and microphones. The author also suggests system-wide services like Clamav antivirus and implementing auto-updates for packages and the base system. They caution that while hardening is important, it should be balanced with usability.
https://dataswamp.org/~solene/2023-12-31-hardened-openbsd-workstation.html