|
16th May 2008
|
||||
|
||||
All in one server
I'm planning the following to make an all in one FreeBSD server which will contain the following:
Mailserver - postfix, imap, antispam Webserver - with mysql Fileserver - samba, nfs, cups printing Multimedia server - planning to play movies and mp3s; server will be connected to projector. FTP server - i'm sure this will be jailed 1. What order of install should be taken? 2. What should be chrooted or jailed? 3. What are the best apps suited for this combo? 4. Ideal partition layout? hardware: socket 939 AMD 4000+; 3G ram; 6600GT grfx card; gobs of disk storage like 2x400GB, 1 500GB and 1 250GB Planning to use AMD64 FreeBSD 7 s/w. The main issue is security here and yes I'm going to give shell accounts to friends and family around the world. So start thinking in a practical paranoid kind of way and lay it all out on the table. 
|
|
16th May 2008
|
||||
|
||||
|
I would also have to absolutely recommend jailing your Mailserver, and webserver, if indeed the main issue is security.
|
|
17th May 2008
|
|||
|
|||
|
Don't allow NFS, Samba and Cups through your firewall
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|
|
17th May 2008
|
||||
|
||||
|
|
|
17th May 2008
|
|||
|
|||
|
The doc that Weaseal posted can also be done easily using ezjail (in the ports tree as sysutils/ezjail). Personally, I have just about everything jailed on my system (the base system is just that pretty much). Apache is in a jail, MySQL is in a jail, PostgreSQL in a jail, vsftpd is in a jail, and even "shell services" in a jail. I make use of mount_nullfs when absolutely necessary (for example, on shell server, ~/public_html is a softlink to /www/<username> in the jail system, and that FS is mount_nullfs to the WWW jail so that userdirs still display from the webserver... I know it's not perfect, but it's a good option without giving everybody access to the web server).
__________________
I just saved a bunch of money on my car insurance by fleeing the scene of the accident!
|
|
14th June 2008
|
|||
|
|||
|
A further improvement could be well in putting each service on a separate partition.
Quote:
|
|
17th September 2008
|
|||
|
|||
|
helllo
can I know more about your program......I mean VPN
|
|
3rd October 2008
|
||||
|
||||
|
Put the shell account users in a seperate virtual machine running under qemu, perhaps? That's pretty darn safe.
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Sun Java System Web Server - Active Server Pages (yes ASP) | hopla | FreeBSD General | 0 | 26th September 2008 08:22 AM |
Linear Mode
