From: Roland Smith
To: Bryan Maynard
Cc: freebsd-questions@freebsd.org
Date: Sun, 14 Aug 2005 00:17:23 +0200
Subject: Re: Asking the experts. . .
Message-ID: <20050813221723.GB51183@slackbox.xs4all.nl>
In-Reply-To: <200508131235.48889.bryan.maynard@reallm.com>

On Sat, Aug 13, 2005 at 12:35:48PM +0000, Bryan Maynard wrote:
> It seems like the suid bit means that only the file owner can execute
> the file. Is this true?

No. It means that if this program is run (by any user) it will have their
user id (uid) set to the owner of the program's binary, which is most
usually root.

> Also, does anyone have any security tips? I am new
> to all this and so am looking for as much info as possible. I would
> like to get a (few) book(s) on FreeBSD and security - any
> recommendations?

A short (but nowhere near exhaustive) list.
- Use strong passwords.
- Do not allow root to log in remotely.
- Restrict physical access to the server.
- Only install the software (ports) that you really need.
- Activate one of the firewalls, and shut all the network ports that you
  don't need.
- Run servers as an unprivileged user.
- Keep an eye on security updates.

> My second concern is performance. I read the tuning man page and was a
> little confused. Could anyone help me with this? Resources and/or
> advice would be great.

Make it run first. Worry about performance later.

> I am using Apache/PHP/MySQL, eGroupWare, and SubVersion so far. I also
> need an email server.

I like Postfix better than the standard sendmail that FreeBSD comes with.

> for the project. I'd like to use ClamAV for e-mail virus protection -
> but need some pointers for installation and configuration.

If you install bogofilter or dspam, you will not only catch viruses, but
also spam.

Roland
--
R.F.Smith (http://www.xs4all.nl/~rsmith/) Please send e-mail as plain text.
public key: http://www.xs4all.nl/~rsmith/pubkey.txt
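
Added example, not part of the message above and not FreeBSD's own tooling: a small sh audit that lists set-uid files under a directory and reports who may execute each one, which shows that execution is governed by the x bits while the suid bit only selects the uid the program runs as. The function name `suid_audit`, the world/group/owner/none labels and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list set-uid files and show who may execute them.
# The function name and the world/group/owner/none labels are made up here.

# suid_audit DIR -> one line per set-uid regular file: "<owner-uid> <who> <path>"
# (paths containing newlines are not handled)
suid_audit() {
    # -perm -4000 matches any file with the set-uid bit, whatever its other bits
    find "$1" -type f -perm -4000 2>/dev/null | while IFS= read -r f; do
        # ls -ldn: field 1 is the mode string, field 3 the numeric owner uid
        LC_ALL=C ls -ldn -- "$f" | awk '{print $1, $3}' | {
            read -r mode uid
            # Who may run the file comes from the x bits (an "s" or "t" in an
            # x position means the x bit is set too), not from the set-uid bit.
            case $mode in
                ?????????[xt]*) who=world ;;  # o+x: any user
                ??????[xs]*)    who=group ;;  # g+x only
                ???s*)          who=owner ;;  # u+x only
                *)              who=none  ;;  # "S": set-uid without u+x
            esac
            printf '%s %s %s\n' "$uid" "$who" "$f"
        }
    done
}

# Constructed demo files: same set-uid bit, different execute bits.
demo=$(mktemp -d)
: > "$demo/open";   chmod 4755 "$demo/open"    # runs as its owner for any caller
: > "$demo/closed"; chmod 4700 "$demo/closed"  # only the owner can start it
suid_audit "$demo"
rm -rf "$demo"
```

Run against /usr/bin, /usr/sbin and /usr/local to see which installed set-uid programs are startable by every user and which uid they would run as.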