View Single Post
  #2   (View Single Post)  
Old 2nd July 2008
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Quote:
Originally Posted by milo974 View Post
It works perfect.
Then you may have used chmod(1) or chown(8), or both, in order to provide rw access to /dev/pf. It is filemode 600 and owned by wheel:root in the default install.
Quote:
....is it enough in security?
It depends what you mean by the word security. We don't know what you mean by the word, or what else you've done, or what you intend.

Example, if you allow password authentication, and SSH access is exposed to the Internet, then I would consider your solution insecure. Others might think strong passwords are sufficient. Still more might recommend using a non-default port number. I wouldn't. But then, I don't know what you mean by "security."
Quote:
In my config, what is best way : use chroot or systrace?
I don't see how either would apply to shell commands.

First, ask yourself, "What is it I wish to accomplish?" Once you have the answer, then you can search for a technical solution, and ask for advice or best practice. Don't start with technical tools, and ask if they apply to an ill-defined solution.
Reply With Quote