How far to go with jailing?

Jeff Mitchell skeezix at
Tue Feb 2 01:49:04 UTC 2010

 	Strikes me that setting up jails for bloody-well-every-other 
service might be 'fun' ..

 	Jail the webserver; seems a logical break, and keep you honest for 
your partitioning. No more ~/public_html to access it I suppose, but much 
more secure for when people attack your wordpress etc.

 	Jail the 'email services'; use fetchmail to pull down to the jail, 
and IMAP and POP3 to serve the mail even to local clients; nice clean 
email mini-server right there in the jail?

 	Jail SMB-serving, so if attacked it still can only serve the 
content in the very well defined area.

 	Jail the mailing list (mailman etc) .. keep things nice and clean.

 	But is setting up a whole stack of jails a pain? a performance 
problem? or just unnecessary overkill? Or a good idea?


If everyone would put barbecue sauce on their food, there would be no war.

