Date: Wed, 23 Apr 2003 16:15:20 -0700 From: "Peter" <pfak@telus.net> To: <freebsd-hackers@freebsd.org> Subject: Keeping a large shellbox stable and secure Message-ID: <001901c309ee$36029070$c601a8c0@oxygen>
next in thread | raw e-mail | index | archive | help
Hello, I'm going to be starting to run a large shell box again, about 900 users (basically free shell accounts, crazy isn't it?). I would like to avoid the same mistakes I made before, my system was pretty secure (I'm running FreeBSD, and I keep everything up to date and tuned). I had a problem with the boxes crashing a lot, and in this case the box will no longer be hosted at my house, but by an ISP, they are also sponsoring it so it won't be "supported", which means that I will have to buy a reboot switch (one time fee of $50), but I would like to avoid having to hard reset the box all the time. Are there any methods that have been proven to work in keeping your system stable, so that is harder to crash. I found that even when I was using login.conf, the system would crash a lot from people running programs that would use excessive system resources to attempt to crash the system and so forth. Are there any proven methods that you have used? System tweaks, etc. That seem to work under high system loads? Such as sysctl.conf, rc.conf, etc. What programs would you recommend to install on the system, kernel patches, etc? That have helped you maintain a highly loaded, and a box that will come under scrutiny from people try to attack, crack it, crack from it, flood from it, etc. Would ipfw2 or Ipfilter be better? Should I run RELENG_4 or RELENG_4_8. Any ideas would be appreciated. Basically, I'm attempting to make this box as stable and secure as possible. Anything would be appreciated. Thanks, (Sorry if I posted this to the wrong list) -- Peter Kieser
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001901c309ee$36029070$c601a8c0>