From owner-freebsd-isp Sat Aug 25 6:33:19 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from mail4.txucom.net (mail4.txucom.net [207.70.175.17])
    by hub.freebsd.org (Postfix) with SMTP id 857FB37B406
    for ; Sat, 25 Aug 2001 06:33:15 -0700 (PDT)
    (envelope-from bob@buckhorn.net)
Received: (qmail 6091 invoked from network); 25 Aug 2001 13:33:14 -0000
Received: from lfkn-adsl-dhcp-net1-159.txucom.net (HELO buckhorn.net) ([207.70.145.159])
    (envelope-sender )
    by mail4.txucom.net (qmail-ldap-1.03) with SMTP
    for ; 25 Aug 2001 13:33:14 -0000
Message-ID: <3B87A920.91B65648@buckhorn.net>
Date: Sat, 25 Aug 2001 08:33:20 -0500
From: Bob Martin
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Clemens Hermann
Cc: BSD-ISP
Subject: Re: apache jail
References: <20010825113754.A1025@homer.local>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Clemens Hermann wrote:
>
> Hi,
>
> how can I send each apache virtual-host into something like a jail? I have
> several vhosts sharing one IP so the apache could not be run inside the
> jails, right?
> Furthermore I would like to keep things as much as possible as they are,
> the only goal is to avoid, that php-scripts and the like can access the
> system (e.g. access the /etc/passwd to read it etc.).
>
> is there any information available how to do this?
>
> tia
>
> /ch
>

The solution that Andrew Matheson posted works well if you really want
to use a jail. There is a lot of initial work in creating jails, and
jails use a lot of hard drive space. The easiest approach is to use good
security. There is an abundant amount of security documentation for
apache and php on the net. Moreover, if you read all the docs that come
with both apache and php, you'll find lots of useful information.

Spend some time making sure that the base system is secure. Best
practices like frequently changing privileged passwords, and reading
logs will serve you well in the long run. Unfortunately, there are no
shortcuts to security.

Bob Martin
--
But in our enthusiasm, we could not resist a radical overhaul of the
system, in which all of its major weaknesses have been exposed,
analyzed, and replaced with new weaknesses.
    -- Bruce Leverett, "Register Allocation in Optimizing Compilers"