Asking the experts. . .

Chuck Swiger cswiger at mac.com
Sat Aug 13 18:02:38 GMT 2005


Bryan Maynard wrote:
> I'm setting up a web/mail/source code server for my open source project 
> and am using FreeBSD.
> 
> My first concern is security. I read through the appropriate area of the 
> Handbook and really enjoyed it. However, I do not know what suid, guid, 
> and the like are. I've looked up the man pages, but am still confused. It 
> seems like the suid bit means that only the file owner can execute the 
> file. Is this true?

Nope.  "setuid" means that the program runs with the effective permissions of 
the userid who owns the file, rather than with the permissions of the user who 
runs the command.

> Also, does anyone have any security tips? I am new 
> to all this and so am looking for as much info as possible. I would 
> like to get a (few) book(s) on FreeBSD and security - any 
> recommendations?

Sure.  First security tip: don't run PHP.
Next, install portaudit and update your ports when it identifies an issue.

> My second concern is performance. I read the tuning man page and was a 
> little confused. Could anyone help me with this? Resources and/or 
> advice would be great.

FreeBSD is likely to perform fine for a wide variety of loads, without any 
tuning effort on your part.  Until you notice your machine getting busy enough 
to care about, don't worry about performance.  Then start by monitoring the 
system, and tuning the bottlenecks which show up by measurement.

The other tip: add more memory.

> I am using Apache/PHP/MySQL, eGroupWare, and SubVersion so far. I also 
> need an email server. I will need mailing lists. I would like to 
> support IMAP, but am unfamiliar with it. I understand POP3 as I have 
> dealt with it for a while. What are the tradeoffs and/or advantages of 
> IMAP? I know IMAP is supposed to be "newer" and "better", but how? 

IMAP supports people reading mail from multiple clients, so things like 
deleting mail on your phone, and having it stay deleted when you look from your 
desktop work.

Install an IMAP server (Cyrus? imap-uw? courier?), and install Mailman for 
mailing lists.  FreeBSD comes with sendmail, which works just fine but has a 
poor security history; keep FreeBSD itself up-to-date if you use sendmail.

Otherwise, postfix is a common replacement MTA, and it integrates well with 
amavis/clamav/spamassassin for anti-virus/anti-spam filtering.

> In addition to mailing lists, contributors will also get e-mail addresses 
> for the project. I'd like to use ClamAV for e-mail virus protection - 
> but need some pointers for installation and configuration.

cd /usr/ports/security/clamav
make install

...follow the docs to enable clamd and freshclam in rc.conf.  See "man clamscan".

-- 
-Chuck
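
The setuid/setgid behaviour described in the reply above, as an added example that is not part of the original post: a simplified model of which effective ids a process gets on exec, plus a scanner that lists set-id files under a directory for review. The function names, the sample uids and the default path /usr/bin are assumptions made for illustration.

```python
import os
import stat
import sys

def identity_on_exec(mode, owner_uid, owner_gid, caller_uid, caller_gid):
    """Return the (euid, egid) a new process gets, or None if exec is denied.
    Simplified model: ignores supplementary groups, ACLs and nosuid mounts."""
    # Execute permission comes from the ordinary x bits, not from setuid.
    if caller_uid == 0:
        allowed = mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)
    elif caller_uid == owner_uid:
        allowed = mode & stat.S_IXUSR
    elif caller_gid == owner_gid:
        allowed = mode & stat.S_IXGRP
    else:
        allowed = mode & stat.S_IXOTH
    if not allowed:
        return None
    # setuid/setgid swap in the file owner's ids as the *effective* ids.
    euid = owner_uid if mode & stat.S_ISUID else caller_uid
    egid = owner_gid if mode & stat.S_ISGID else caller_gid
    return euid, egid

def find_set_id_files(root):
    """List (path, "setuid"/"setgid"/"setuid+setgid", uid, gid) under root."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable; skip it
            if not stat.S_ISREG(st.st_mode):
                continue
            bits = [label for bit, label in
                    ((stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"))
                    if st.st_mode & bit]
            if bits:
                hits.append((path, "+".join(bits), st.st_uid, st.st_gid))
    return sorted(hits)

if __name__ == "__main__":
    # Constructed case: root-owned mode 4755 binary run by uid/gid 1001.
    print(identity_on_exec(0o4755, 0, 0, 1001, 1001))
    for hit in find_set_id_files(sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"):
        print(*hit)
```

Mode 0700 is the "only the owner can execute" case from the question; mode 4755 is the setuid case, where anyone may run the file and it runs with the owner's effective uid.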

