Asking the experts. . .

Sat Aug 13 22:17:31 GMT 2005

On Sat, Aug 13, 2005 at 12:35:48PM +0000, Bryan Maynard wrote:
> It seems like the suid bit means that only the file owner can execute
> the file. Is this true?

No. It means that if this program is run (by any user) it will have
their user id (uid) set to the owner of the programs binary, which is
most usually root. 

> Also, does anyone have any security tips? I am new 
> to all this and so am looking for as much info as possible. I would 
> like to get a (few) book(s) on FreeBSD and security - any 
> recommendations?

A short (but nowhere near exhaustive) list.

- Use strong passwords.
- Do not allow root to log in remotely.
- Restrict physical access to the server.
- Only install the software (ports) that you really need.
- Activate one of the firewalls, and shut all the network ports that you don't
  need. 
- Run servers as an unprivileged user.
- Keep an eye on security updates.

> My second concern is performance. I read the tuning man page and was a 
> little confused. Could anyone help me with this? Reasources and/or 
> advice would be great.

Make it run first. Worry about performance later.

> I am using Apache/PHP/MySQL, eGroupWare, and SubVersion so far. I also 
> need an email server.

I like Postfix better than the standard sendmail that FreeBSD comes with.

> for the project. I'd like to use ClamAV for e-mail virus protection - 
> but need some pointers for installation and configuration.

If you install bogofilter or dspam, you will not only catch viruses, but
also spam.

Roland
-- 
R.F.Smith (http://www.xs4all.nl/~rsmith/) Please send e-mail as plain text.
public key: http://www.xs4all.nl/~rsmith/pubkey.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20050814/68f5d373/attachment.bin