View Single Post
Old 13th May 2008
tanked tanked is offline
Fdisk Soldier
 
Join Date: May 2008
Posts: 56
Default

Quote:
Originally Posted by cajunman4life View Post
I've also been building ezjails (I like it for its low overhead and read only base system) lately. One for each service I want to run (For example, one is running Apache/OpenSSL/PHP, another is running MySQL, another running PostgreSQL, and yet another running VSFTPd). I find it tends to make each jail easy to secure as there is relatively little installed in each jail.
I too use ezjail and would recommend it to anyone running multiple servers; its just so easy to set up plus the added protection of making the userland read-only means anyone breaking into your jail would find it hard to corrupt the binaries. The only thing jails need now is the virtual network stack implementation, maybe it will be MFC'd at some point.
Reply With Quote