On 1 February 2010 20:57, Jeff Mitchell <skee...@skeleton.org> wrote: > > Strikes me that setting up jails for bloody-well-every-other service > might be 'fun' .. > > Jail the webserver; seems a logical break, and keep you honest for > your partitioning. No more ~/public_html to access it I suppose, but much > mroe secure for when people attack your wordpress etc. > > Jail the 'email services'; use fetchmail to pull down to the jail, > and IMAP and POP3 to serve the mail even to local clients; nice clean email > mini-server right there in the jail? > > Jail SMB-serving, so if attacked it still can only serve the content > in the very well defined area. > > Jail the mailing list (mailman etc) .. keep things nice and clean. > > But is setting up a whole stack of jails a pain? a performance > problem? or just un-necessary overkill? Or a good idea? >
I don't know about the performance, though given what I [believe I] know, if your machine is already running those serv[ice|er]s, the effect ranges from lightly noticeable to entirely negligible. You do have to keep track of the jails (& update when necessary), though I suppose if you can't write scripts to do the tedious bits you might be in the w rong business. I think it's a good idea, frankly. Lift and separate, as "they" said in the 1990s. -- -- _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"