From owner-freebsd-questions@FreeBSD.ORG Sat Aug 13 18:02:38 2005
Message-ID: <42FE35C1.1040101@mac.com>
Date: Sat, 13 Aug 2005 14:02:41 -0400
From: Chuck Swiger
Organization: The Courts of Chaos
To: Bryan Maynard
Cc: freebsd-questions@freebsd.org
References: <200508131235.48889.bryan.maynard@reallm.com>
In-Reply-To: <200508131235.48889.bryan.maynard@reallm.com>
Subject: Re: Asking the experts. . .

Bryan Maynard wrote:
> I'm setting up a web/mail/source code server for my open source project
> and am using FreeBSD.
>
> My first concern is security. I read through the appropriate area of the
> Handbook and really enjoyed it. However, I do not know what suid, guid,
> and the like are. I've looked up the man pages, but am still confused. It
> seems like the suid bit means that only the file owner can execute the
> file. Is this true?

Nope. "setuid" means that the program runs with the effective permissions of the userid who owns the file, rather than with the permissions of the user who runs the command.

> Also, does anyone have any security tips? I am new
> to all this and so am looking for as much info as possible. I would
> like to get a (few) book(s) on FreeBSD and security - any
> recommendations?

Sure. First security tip: don't run PHP. Next, install portaudit and update your ports when it identifies an issue.

> My second concern is performance. I read the tuning man page and was a
> little confused. Could anyone help me with this? Resources and/or
> advice would be great.

FreeBSD is likely to perform fine for a wide variety of loads, without any tuning effort on your part. Until you notice your machine getting busy enough to care about, don't worry about performance. Then start by monitoring the system, and tuning the bottlenecks which show up by measurement.

The other tip: add more memory.

> I am using Apache/PHP/MySQL, eGroupWare, and SubVersion so far. I also
> need an email server. I will need mailing lists. I would like to
> support IMAP, but am unfamiliar with it. I understand POP3 as I have
> dealt with it for a while. What are the tradeoffs and/or advantages of
> IMAP?
> I know IMAP is supposed to be "newer" and "better", but how?

IMAP supports people reading mail from multiple clients, so things like deleting mail on your phone, and having it stay deleted when you look from your desktop work.

Install an IMAP server (Cyrus? imap-uw? courier?), and install Mailman for mailing lists. FreeBSD comes with sendmail, which works just fine but has a poor security history; keep FreeBSD itself up-to-date if you use sendmail. Otherwise, postfix is a common replacement MTA, and it integrates well with amavis/clamav/spamassassin for anti-virus/anti-spam filtering.

> In addition to mailing lists, contributors will also get e-mail addresses
> for the project. I'd like to use ClamAV for e-mail virus protection -
> but need some pointers for installation and configuration.

    cd /usr/ports/security/clamav
    make install

...follow the docs to enable clamd and freshclam in rc.conf. See "man clamscan".

-- 
-Chuck
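
Added example, not part of the original message: a small audit script that lists the setuid/setgid files under a directory, so you can see which programs run with their owner's (or group's) effective privileges rather than the caller's. The function names and the default path `/usr/bin` are illustrative assumptions.

```python
import os
import stat
import sys


def special_bits(mode):
    """Return the set-id bits present in an st_mode value (regular files only)."""
    if not stat.S_ISREG(mode):
        return []
    bits = []
    if mode & stat.S_ISUID:
        bits.append("setuid")   # runs with the file owner's effective uid
    if mode & stat.S_ISGID:
        bits.append("setgid")   # runs with the file group's effective gid
    return bits


def risk_notes(mode, uid):
    """Flag the combinations an administrator should review first."""
    notes = []
    if mode & stat.S_ISUID and uid == 0:
        notes.append("runs with root's effective uid")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        notes.append("writable by group or other")
    return notes


def audit(root):
    """Walk root; return (path, bits, uid, gid, notes) for each set-id file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: report the link, not its target
            except OSError:
                continue             # vanished or unreadable; skip it
            bits = special_bits(st.st_mode)
            if bits:
                findings.append((path, bits, st.st_uid, st.st_gid,
                                 risk_notes(st.st_mode, st.st_uid)))
    return findings


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"  # assumed default
    for path, bits, uid, gid, notes in audit(root):
        print(f"{'+'.join(bits):14} uid={uid:<6} gid={gid:<6} {path}  "
              f"{'; '.join(notes)}")
```

Saving the output and diffing it after each ports or base-system update shows when a new set-id program appears.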