Date: Sat, 25 Aug 2001 08:33:20 -0500 From: Bob Martin <bob@buckhorn.net> To: Clemens Hermann <haribeau@gmx.de> Cc: BSD-ISP <freebsd-isp@FreeBSD.org> Subject: Re: apache jail Message-ID: <3B87A920.91B65648@buckhorn.net> References: <20010825113754.A1025@homer.local>
next in thread | previous in thread | raw e-mail | index | archive | help
Clemens Hermann wrote:
>
> Hi,
>
> how can I send each apach virtual-host into somthing like a jail? I have
> several vhosts sharing one IP so the apache could not be run inside the
> jails, right?
> Furthermore I would like to keep things as much as possible as they are,
> the only goal is to avoid, that php-scripts and thelike can access the
> system (e.g access the /etc/passwd to read it etc.).
>
> is there any information available how to do this?
>
> tia
>
> /ch
>
The solution that Andrew Matheson post works well if you really want to
use a jail. There is a lot of initial work in creating jails, and jails
use a lot of hard drive space.
The easiest approach is to use good security. There is an abundant
amount of security documentation for apache and php on the net. More
over, if you read all the docs that come with both apache and php,
you'll find lots of useful information.
Spend some time making sure that the base system is secure. Best
practices like frequently changing privileged passwords, and reading
logs will serve you well in the long run.
Unfortunately, there are no shortcuts to security.
Bob Martin
--
But in our enthusiasm, we could not resist a radical overhaul of the
system, in which all of its major weaknesses have been exposed,
analyzed, and replaced with new weaknesses.
-- Bruce Leverett, "Register Allocation in Optimizing Compilers"
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B87A920.91B65648>