From owner-freebsd-questions@FreeBSD.ORG Sun Nov 18 13:29:46 2012
Message-ID: <50A8E2B4.9020806@a1poweruser.com>
Date: Sun, 18 Nov 2012 08:29:24 -0500
From: Fbsd8 <fbsd8@a1poweruser.com>
To: Polytropon
Cc: Matthew Pope, FreeBSD <freebsd-questions@freebsd.org>
Subject: Re: confessions of a FreeBSD purist
References: <50A72E72.1000205@teksavvy.com> <20121118125125.85b2a49f.freebsd@edvax.de>
In-Reply-To: <20121118125125.85b2a49f.freebsd@edvax.de>

Polytropon wrote:
> On Sat, 17 Nov 2012 01:28:02 -0500, Matthew Pope wrote:
>> However, I do need to run a web site again, and I am more than convinced
>> of the superior performance, and the hardening possible, with FreeBSD bind
>> and Apache running in jails. However, I'd like to run FreeBSD in
>> VMware or VirtualBox VMs. This gives me the ability to take snapshots
>> to recover easily when I break something. Computing resources are like
>> candy these days. My fast box has 4 screaming fast processors with 8 GB
>> of RAM, and that is a three year old machine. There is no reason
>> FreeBSD cannot run with adequate performance in a VM and run bind, and
>> perhaps on another physical box, have a FreeBSD VM running Apache, both
>> in jails. I know others are doing it.
>>
>> Could anyone be kind enough to recommend a free, or share their own,
>> FreeBSD VM image that has bind pre-configured in a jail, and/or an
>> Apache web server pre-configured in a jail, for a non-commercial site?
>> With this configuration I can revert after breaking something as an
>> over-eager, semi-qualified system administrator.
>
> You should really invest the time needed to build and configure
> the server software (!) you're going to use. In my opinion, it
> is your responsibility to provide a secure service, as any idiot
> can provide an insecure service. :-)
>
> The time you invest is well spent. Also note that there are tools
> like ezjail and warden (PC-BSD's tool for managing jails, with GUI).
> Of course there is sufficient documentation for installing and
> configuring Apache. Nobody other than _you_ knows your requirements
> best. You will benefit from tuning the required software yourself.
>
> Security is a process, not a state. Do not trust "3rd party VM
> images", especially when you're going to instantiate a service
> (like a web server) using them. Use paranoia for good. :-)
>
> Some hints:
>
> http://erdgeist.org/arts/software/ezjail/
>
> http://www.cyberciti.biz/faq/howto-setup-freebsd-jail-with-ezjail/
>
> http://wiki.pcbsd.org/index.php/Warden®
>
> Again, you should reconsider using VM images provided by others.
> There is basically nothing wrong with running a FreeBSD server in
> a VM on Linux, even though it might be just as valid to run
> FreeBSD on "bare metal". But that depends on your requirements,
> intentions, and energy bill. :-)
>
>

A far better tool to build jails is qjail; give it a try.

http://qjail.sourceforge.net/

http://www.freebsd.org/cgi/ports.cgi?query=qjail&stype=all