Date: Sun, 14 Aug 2005 00:17:23 +0200 From: Roland Smith <rsmith@xs4all.nl> To: Bryan Maynard <bryan.maynard@reallm.com> Cc: freebsd-questions@freebsd.org Subject: Re: Asking the experts. . . Message-ID: <20050813221723.GB51183@slackbox.xs4all.nl> In-Reply-To: <200508131235.48889.bryan.maynard@reallm.com> References: <200508131235.48889.bryan.maynard@reallm.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--kXdP64Ggrk/fb43R Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Aug 13, 2005 at 12:35:48PM +0000, Bryan Maynard wrote: > It seems like the suid bit means that only the file owner can execute > the file. Is this true? No. It means that if this program is run (by any user) it will have their user id (uid) set to the owner of the programs binary, which is most usually root.=20 > Also, does anyone have any security tips? I am new=20 > to all this and so am looking for as much info as possible. I would=20 > like to get a (few) book(s) on FreeBSD and security - any=20 > recommendations? A short (but nowhere near exhaustive) list. - Use strong passwords. - Do not allow root to log in remotely. - Restrict physical access to the server. - Only install the software (ports) that you really need. - Activate one of the firewalls, and shut all the network ports that you do= n't need.=20 - Run servers as an unprivileged user. - Keep an eye on security updates. > My second concern is performance. I read the tuning man page and was a=20 > little confused. Could anyone help me with this? Reasources and/or=20 > advice would be great. Make it run first. Worry about performance later. =20 > I am using Apache/PHP/MySQL, eGroupWare, and SubVersion so far. I also=20 > need an email server. I like Postfix better than the standard sendmail that FreeBSD comes with. > for the project. I'd like to use ClamAV for e-mail virus protection -=20 > but need some pointers for installation and configuration. If you install bogofilter or dspam, you will not only catch viruses, but also spam. Roland --=20 R.F.Smith (http://www.xs4all.nl/~rsmith/) Please send e-mail as plain text. public key: http://www.xs4all.nl/~rsmith/pubkey.txt --kXdP64Ggrk/fb43R Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQFC/nFzEnfvsMMhpyURAsEPAJ9BHZOIP0CjKj2Jtbu+0/7S9CIVIwCfbt+N ntD7BMOR5MifzgoEK61HPIE= =Q1Ob -----END PGP SIGNATURE----- --kXdP64Ggrk/fb43R--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050813221723.GB51183>