From: Pietro Cerutti
To: FreeBSD
Date: Thu, 15 Dec 2005 01:31:34 +0100
Subject: Re: Insecure Web App Hosting

On 12/15/05, Mike Esquardez wrote:
> i have to install a server that will host a "test drive" of a web app on the
> internet. from my initial look at the app, it looks like it will be a target
> to be exploited. i am not involved with the code so fixing it is not an
> option. what i would like to try and do is host it in a manner where i can
> minimize the risk and damage. it will only have sample data and it doesn't
> have to be "live". some ideas i have-
>
> automate disk imaging or rsync.
> read only filesystem.
> integrity tool.
> live cd version of the app.
>
> any other ideas?????

What about putting your services in a jail(8)?

>
> it's using apache/php/mysql and i have explained that it might not be fully
> functional or might have to be offline for a small amount of time each day.
> i have only just switched to freebsd so if anyone has any links to some
> docs or tools that would be helpful. thank you.
> Mike

--
Pietro Cerutti

Beansidhe - SwiSS Death / Thrash Metal

Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming or what?"
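
Two of the ideas listed in the question, the integrity tool and the automated re-imaging, combine naturally into one periodic job: compare the live web root against a baseline, report what changed, then copy the pristine tree back. The sketch below is an added example, not part of the original thread; the function names and the tiny sample docroot are constructed for illustration, and it assumes the pristine copy and the baseline are kept where the web app cannot write (for example on the host, outside the jail).

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

def manifest(root):
    """Map each path under root to a SHA-256 digest (or a symlink target)."""
    entries = {}
    for dirpath, dirs, files in os.walk(root):
        for name in dirs + files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                # Record the target; never follow a link out of the tree.
                entries[rel] = "symlink:" + os.readlink(full)
            elif os.path.isfile(full):
                with open(full, "rb") as fh:
                    entries[rel] = hashlib.sha256(fh.read()).hexdigest()
    return entries

def compare(baseline, current):
    """Paths added, removed or modified relative to the baseline."""
    common = set(baseline) & set(current)
    return {"added": sorted(set(current) - set(baseline)),
            "removed": sorted(set(baseline) - set(current)),
            "modified": sorted(p for p in common if baseline[p] != current[p])}

def restore(pristine, live):
    """Discard the live tree and copy the pristine one back."""
    shutil.rmtree(live)
    shutil.copytree(pristine, live, symlinks=True)

def demo():
    """Constructed sample: change a copy of a tiny docroot, detect, restore."""
    with tempfile.TemporaryDirectory() as work:
        pristine, live = Path(work, "pristine"), Path(work, "live")
        pristine.mkdir()
        (pristine / "index.php").write_text("<?php echo 'demo'; ?>")
        (pristine / "style.css").write_text("body{}")
        shutil.copytree(pristine, live)
        baseline = manifest(pristine)  # store where the web app cannot write
        (live / "index.php").write_text("<?php echo 'changed'; ?>")  # simulated edit
        (live / "extra.php").write_text("<?php ?>")  # simulated new file
        (live / "style.css").unlink()  # simulated deletion
        before = compare(baseline, manifest(live))
        restore(pristine, live)
        after = compare(baseline, manifest(live))
    return before, after
```

Run on a schedule, the compare step gives a record of what was changed before the restore step wipes it, which fits the short daily offline window mentioned in the question.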