Mike Tancsa wrote:
At 12:02 PM 3/7/2008, Darran wrote:
Hello all,
I want to run a (FreeBSD 7) server facing the internet and running
Apache and
wondered if its safe out of the box .. so to speak ?
Yes, today it is. But that does not necessarily mean you will not
need to do updates, apply patches, perhaps change your configuration
to deal with new threats. In my experience, FreeBSD makes the later
part easier than Windows or Linux (IMHO and experience)
Do i have to do a degree in configuration to allow it to face the
wild west
(internet) ?
I also want to use it for storage of media and serving of media ..
using windows
and freebsd clients .. is it possible .. again .. out of the box ?
If you mean turn it on, click a few buttons and "it works" ? no. You
will need to install and configure samba and apache.
e.g.
cd /usr/ports/net/samba3;make install
will get the application installed, but you still need to configure it
and later maintain it. With Windows, I find you can initially get
things working without understanding how it works. But when you run
into problems, you wont understand how to fix them. In general I find
with FreeBSD, you are expected to understand some basics, but you are
then better prepared to understand the problems you will face in
running a server....
That being said, the defaults FreeBSD 7.0 it comes with are pretty
sane and you should be able to get going quickly to the point where
you are doing "stuff"
---Mike
_
I would agree with the following caveats:
ONLY allow ssh logins, ONLY using public key auth., and never directly
to root.
Careful with guest access under SAMBA
While Apache at this point is reasonably secure, there are a ton of apps
that you can run under it that aren't. I'm thinking of many PHP based
in general, and most of the forum apps in particular. Be sure to
research the security history of web apps (or anything that opens up a
port listener). Sign up for the mailing list of what you install, so
you'll be alerted to security updates.
Consider running a file modification detector like aide or tripwire.
They won't keep you from getting owned, but they'll tell you if it happens
A little light reading
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security-intro.html
http://www.onlamp.com/pub/a/bsd/2002/08/08/FreeBSD_Basics.html
http://httpd.apache.org/docs/2.2/misc/security_tips.html
jim
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"