Bryan Maynard wrote:
I'm setting up a web/mail/source coude server for my open source project
and am using FreeBSD.
My first concern is security. I read through the appropriate area of the
Handbook and really enjoyed it. However, I do not know what suid, guid,
and the like are. I've look up the man pages, but am still confused. It
seems like the suid bit means that only the file owner can execute the
file. Is this true?
Nope. "setuid" means that the program runs with the effective permissions of
the userid who owns the file, rather than with the permissions of the user who
runs the command.
Also, does anyone have any security tips? I am new
to all this and so am looking for as much info as possible. I would
like to get a (few) book(s) on FreeBSD and security - any
recommendations?
Sure. First security tip: don't run PHP.
Next, install portaudit and update your ports when it identifies an issue.
My second concern is performance. I read the tuning man page and was a
little confused. Could anyone help me with this? Reasources and/or
advice would be great.
FreeBSD is likely to perform fine for a wide variety of loads, without any
tuning effort on your part. Until you notice your machine getting busy enough
to care about, don't worry about performance. Then start my monitoring the
system, and tuning the bottlenecks which show up by measurement.
The other tip: add more memory.
I am using Apache/PHP/MySQL, eGroupWare, and SubVersion so far. I also
need an email server. I will need mailing lists. I would like to
support IMAP, but am unfamiliar with it. I understand POP3 as I have
dealt with it for a while. What are the tradeoffs and/or advantages of
IMAP? I know IMAP is supposed to be "newer" and "better", but how?
IMAP supports people reading mail from multiple clients, so things like
deleting mail on your phone, and having it stay deleted when you look from your
desktop work.
Install an IMAP server (Cyrus? imap-uw? courier?), and install Mailman for
mailing lists. FreeBSD comes with sendmail, which works just fine but has a
poor security history; keep FreeBSD itself up-to-date if you use sendmail.
Otherwise, postfix is a common replacement MTA, and it integrates well with
amavis/clamav/spamassasin for anti-virus/anti-spam filtering.
In addition to mailing lists, contributors will also get e-mail addresses
for the project. I'd like to use ClamAV for e-mail virus protection -
but need some pointers for installation and configuration.
cd /usr/ports/security/clamav
make install
...follow the docs to enable clamd and freshclam in rc.conf. See "man
clamscan".
--
-Chuck
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"