[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [other] Re: [openbsd] public shell server
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: [other] Re: [openbsd] public shell server
- From: Chris Zakelj <c_(_dot_)_zakelj_(_at_)_ieee_(_dot_)_org>
- Date: Thu, 29 May 2003 09:12:04 -0400
Alex de Joode wrote:
Ok, now that that's out of the way, about all I can say is that choosing
OpenBSD will probably eliminate many of the possible remote exploits around,
so you've done well there. Unless there's a specific reason not to, chroot
everybody to their home directory.
How do I do that ? via restricted shells, or has OpenBSD 'jails' ?
I've never had to worry about this (My usage of BSD is primarily
firewalling stuff, with an occasional webserver (where chrooting is a
real pain, but I'm relearning to work through it)), but I'd be willing
to bet there's probably a FAQ or HOWTO written on it. If all else
fails, you can always check the chroot man page :)
Take anti-spam measures as appropriate,
I'll provide postfix+spamassasin+amavis+mcafee
Umm, actually, I meant this in the "make sure you don't become a spam
and (as always) don't turn on any service you don't need.
Well I was planning on providing php+mysql, donno if mysql and
openbsd are 'friends' yet (there were problems previously).
Well, when I was working on my first webserver about a year ago, mysql
and obsd got along fairly well when you built from the ports tree. Just
have to pay attention that you used the right makefile and command line
options, or you were likely to forget a module you really wanted (like
php4 support). In the year since I did this, the structure of the port
has changed, but I doubt compatibility went down because of it.