How far to go with jailing?
skeezix at skeleton.org
Tue Feb 2 01:49:04 UTC 2010
Strikes me that setting up jails for bloody-well-every-other
service might be 'fun' ..
Jail the webserver; seems a logical break, and keep you honest for
your partitioning. No more ~/public_html to access it I suppose, but much
mroe secure for when people attack your wordpress etc.
Jail the 'email services'; use fetchmail to pull down to the jail,
and IMAP and POP3 to serve the mail even to local clients; nice clean
email mini-server right there in the jail?
Jail SMB-serving, so if attacked it still can only serve the
content in the very well defined area.
Jail the mailing list (mailman etc) .. keep things nice and clean.
But is setting up a whole stack of jails a pain? a performance
problem? or just un-necessary overkill? Or a good idea?
If everyone would put barbecue sauce on their food, there would be no war.
More information about the freebsd-questions