FreeBSD Mail Archives

Date:      Tue, 29 Dec 2015 14:00:44 -0500
From:      "Michael B. Eichorn" <ike@michaeleichorn.com>
To:        Paul Stuffins <freebsd@ravexdata.com>, freebsd-questions@freebsd.org
Subject:   Re: Are Jails worth it?
Message-ID:  <1451415644.18353.43.camel@michaeleichorn.com>
In-Reply-To: <5682B7F1.1070606@ravexdata.com>
References:  <5682B7F1.1070606@ravexdata.com>


[-- Attachment #1 --]
On Tue, 2015-12-29 at 16:42 +0000, Paul Stuffins wrote:
> Afternoon Everyone,
> 
> I have a FreeBSD VPS on Digital Ocean that runs Nginx and PHP-FPM, 
> MariaDB is run on a separate VPS, and was wondering is it worth
> running 
> NginX and PHP-FPM in separate jails, or is it not worth it and I
> should 
> just keep the set up as I have it which is everything installed on
> the 
> base system?
> 
> Many Thanks
> Paul

It really is a 'depends on your threat environment' kind of thing. For
most use cases what you have is fine.

If you are concerned about more than the usual than maybe you would
want to separate them. If you want to be able to inspect the system
while under attack you will want to have the jails.

It really depends, but what you have already is certainly fine for most
uses so long as you keep up with your security patches and properly
configure php.

Ike
[-- Attachment #2 --]
0�	*�H��
��0�10
	`�He0�	*�H��
���0�00��]�0
	*�H��
0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA0
150613202446Z
160614003550Z0H10Uike@michaeleichorn.com1%0#	*�H��
	ike@michaeleichorn.com0�"0
	*�H��
�0�
��UՀ,���k9�D �%�Z|�Y6J<���r���rK��
�g�;&���|����uN�lUE9�)�V�.[ט�̊�:q�S]�(�#v�SYǲ�*���C�p�u���g�Yݔ����,�v��<`�j(���w�����aS��#�ڒ6�n�(K�5�'K�V�LåE�rv�<J��=�[�}W
�b��LA%g�ޭnV���b�|�����	I��?M7D�:�$�����׃��b���M��_T�[�,��ƃ�\�����0��0	U00U�0U%0++0U�jj�:	�γ����+39�啖0U#0�Sr풜���\|~�5N�ԸQ�0!U0�ike@michaeleichorn.com0�LU �C0�?0�;+��70�*0.+"http://www.startssl.com/policy.pdf0��+0��0' StartCom Certification Authority0��This certificate was issued according to the Class 1 Validation requirements of the StartCom CA policy, reliance only for the intended purpose in compliance of the relying party obligations.06U/0-0+�)�'�%http://crl.startssl.com/crtu1-crl.crl0��+��009+0�-http://ocsp.startssl.com/sub/class1/client/ca0B+0�6http://aia.startssl.com/certs/sub.class1.client.ca.crt0#U0�http://www.startssl.com/0
	*�H��
�x+Ȑ��F}�pw��.�X�vF��?�r�g����
�P�]EO�p��)L˻���y�A�
;h�i0�u2��]�m ���[Sb�p$_�
���g��r���
X��m*�YP��3#���H>�m�KAǠt�)�HO|�=@}�3���ӝ��'iO81��>��03	v'h�5U�
"H��;��E�CZtp��җ4rWHu�^�6+i*�k��JL8sh��AV�|5��;?HM�����c\�	�j[��j���|�+0�00��]�0
	*�H��
0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA0
150613202446Z
160614003550Z0H10Uike@michaeleichorn.com1%0#	*�H��
	ike@michaeleichorn.com0�"0
	*�H��
�0�
��UՀ,���k9�D �%�Z|�Y6J<���r���rK��
�g�;&���|����uN�lUE9�)�V�.[ט�̊�:q�S]�(�#v�SYǲ�*���C�p�u���g�Yݔ����,�v��<`�j(���w�����aS��#�ڒ6�n�(K�5�'K�V�LåE�rv�<J��=�[�}W
�b��LA%g�ޭnV���b�|�����	I��?M7D�:�$�����׃��b���M��_T�[�,��ƃ�\�����0��0	U00U�0U%0++0U�jj�:	�γ����+39�啖0U#0�Sr풜���\|~�5N�ԸQ�0!U0�ike@michaeleichorn.com0�LU �C0�?0�;+��70�*0.+"http://www.startssl.com/policy.pdf0��+0��0' StartCom Certification Authority0��This certificate was issued according to the Class 1 Validation requirements of the StartCom CA policy, reliance only for the intended purpose in compliance of the relying party obligations.06U/0-0+�)�'�%http://crl.startssl.com/crtu1-crl.crl0��+��009+0�-http://ocsp.startssl.com/sub/class1/client/ca0B+0�6http://aia.startssl.com/certs/sub.class1.client.ca.crt0#U0�http://www.startssl.com/0
	*�H��
�x+Ȑ��F}�pw��.�X�vF��?�r�g����
�P�]EO�p��)L˻���y�A�
;h�i0�u2��]�m ���[Sb�p$_�
���g��r���
X��m*�YP��3#���H>�m�KAǠt�)�HO|�=@}�3���ӝ��'iO81��>��03	v'h�5U�
"H��;��E�CZtp��җ4rWHu�^�6+i*�k��JL8sh��AV�|5��;?HM�����c\�	�j[��j���|�+0�40��0
	*�H��
0}10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1)0'U StartCom Certification Authority0
071024210155Z
171024210155Z0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA0�"0
	*�H��
�0�
��	���-��)�.����2����A�UG��o��#G�
�B|N�D�����Rp�M-��B��=o���-�we�5��J�Qpa>O��.�#������.���_�<���V��
[~�*��*�p�z��~�3�W�G�.ᘟ����Ml�r[�<C�e�6���f����q������O���"��u��xf�WN�#�u����i���c�gk��v$����Lb�%�������y��`�����_�{`���xK'G�N�����0��0U�0�0U�0USr풜���\|~�5N�ԸQ�0U#0�N��@[�i�0�4hC�A��0f+Z0X0'+0�http://ocsp.startssl.com/ca0-+0�!http://www.startssl.com/sfsca.crt0[UT0R0'�%�#�!http://www.startssl.com/sfsca.crl0'�%�#�!http://crl.startssl.com/sfsca.crl0��U y0w0u+��70f0.+"http://www.startssl.com/policy.pdf04+(http://www.startssl.com/intermediate.pdf0
	*�H��
�
�}x�,\�c�^��#wM�q�}��>UK/��^y��X֏y	����f�rMIŲ�B6�1ymQ󸟆�ҨݬZ���0���&��;�@��#13qۑ��&	��̢������o�	6�r��_��;�GO>*I�(	7�4���XS1r3��)!�Ǉ�y��6Ko����tˆ#
_�w�S�r���
�;�B
A�Dp�(f��s�������䰷6%�����.W0J3�:b�C�<�8t X����1�<��C��n�=�����t==�wS���T������~���\�wkB�f�|1��5���zU��P)��(���I��j��VB��!����OfI=b��b�\4�-*em��/нSJm�7���N�����[�]'��@ڽ��D9�Kr>���R��7/��|�o���^I@�ټ'��Pa$ z��9�a'L�)��(�
�I��}v��c�H]�۸�D����*�W�}
m�>Q����|�C.�(,�l��Q�1�0�{0��0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA]�0
	`�He���0	*�H��
	1	*�H��
0	*�H��
	1
151229190044Z0/	*�H��
	1" 

�O6�$~�?$)����\�U�r�����K0��	+�71��0��0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA]�0��*�H��
	1�����0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA]�0
	*�H��
�p�\����(�F*p������#�=i0���7`/���(��[��h��@砀�F
�F��M���ǠR��qJdG�Ԫ�u������b�$�>� ���s��A厽���q5���o�s��t�����������
�
���9��i���,��}rm�	ck�s�p��R3΍W���x0�a���(՞jI�q���]'�sg<�h�t}Ju���`VŔ=�@��{1a��1���hݗ��b�<i0q��7���

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1451415644.18353.43.camel>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation