Re: [other] Re: [openbsd] public shell server

Alex de Joode wrote:

Ok, now that that's out of the way, about all I can say is that choosing
OpenBSD will probably eliminate many of the possible remote exploits around,
so you've done well there. Unless there's a specific reason not to, chroot
everybody to their home directory.

How do I do that? Via restricted shells, or has OpenBSD 'jails'?

I've never had to worry about this (my usage of BSD is primarily firewalling stuff, with an occasional webserver (where chrooting is a real pain, but I'm relearning to work through it)), but I'd be willing to bet there's probably a FAQ or HOWTO written on it. If all else fails, you can always check the chroot man page :)

Take anti-spam measures as appropriate,
I'll provide postfix+spamassassin+amavis+mcafee

Umm, actually, I meant this in the "make sure you don't become a spam source" sense.

and (as always) don't turn on any service you don't need.

Well, I was planning on providing php+mysql, dunno if mysql and openbsd are 'friends' yet (there were problems previously).

Well, when I was working on my first webserver about a year ago, mysql and obsd got along fairly well when you built from the ports tree. Just have to pay attention that you used the right makefile and command line options, or you were likely to forget a module you really wanted (like php4 support). In the year since I did this, the structure of the port has changed, but I doubt compatibility went down because of it.