Date: Mon, 1 Feb 2010 20:57:13 -0500 (EST) From: Jeff Mitchell <skeezix@skeleton.org> To: freebsd-questions@freebsd.org Subject: How far to go with jailing? Message-ID: <20100201205427.T36480@fw.skeleton.org>
next in thread | raw e-mail | index | archive | help
Strikes me that setting up jails for bloody-well-every-other service might be 'fun' .. Jail the webserver; seems a logical break, and keep you honest for your partitioning. No more ~/public_html to access it I suppose, but much mroe secure for when people attack your wordpress etc. Jail the 'email services'; use fetchmail to pull down to the jail, and IMAP and POP3 to serve the mail even to local clients; nice clean email mini-server right there in the jail? Jail SMB-serving, so if attacked it still can only serve the content in the very well defined area. Jail the mailing list (mailman etc) .. keep things nice and clean. But is setting up a whole stack of jails a pain? a performance problem? or just un-necessary overkill? Or a good idea? jeff -- If everyone would put barbecue sauce on their food, there would be no war.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100201205427.T36480>