Sounds interesting. Got a URL? I think I may have heard mention of Docker on the list before, but don't recall it's web site address.
Thanks for the tip! --- Dan On Tue, Oct 14, 2014 at 12:16 AM, Ken Jordan <[email protected]> wrote: > You may want to look into Docker then if you're jailing everything. > Docker is pretty much AWESOME. It's designed to run applications in a > sandbox environment. Any command/daemon you can think of will probably > run inside a Docker container. I'm not great with it myself, but if > you take about 15 minutes and read the introductory docs you will see > this is what you're really looking for. > > Ken Jordan > [email protected] > > > On Tue, Oct 14, 2014 at 1:09 AM, Dan Egli <[email protected]> wrote: > > Hey plug folks, > > I was wondering if anyone had any good URLs for how-to's or FAQs that > > explain how to run Apache in a chroot jail. I'm in process of going > through > > my server configuration and moving everything possible into a chroot jail > > for the extra security. The way I figure it, if someone does manage to > hack > > into my SMTP server, or my IMAP server, or something like that, then at > > worst they get access to whatever is in that location, but don't get > access > > to anything critical. I'm guessing it reduces the likelihood of someone > > using my system as a jumping point for spam or other hacks. > > > > I've got the basic setup worked out for my mail servers and my DNS > server. > > The only other open TCP port on this machine (besides 22 for ssh, > > obviously) is http/80. I know Apache has a module for running things in a > > chroot environment (mod_root?) but I've never used it, nor until just > > recently tried to migrate things to a chroot environment. So I'm looking > > for documents that show the process. > > > > Any suggestions are welcome. Basically I'm trying to minimize the > exposure > > in case someone does try to hack me. :) > > > > --- Dan > > > > /* > > PLUG: http://plug.org, #utah on irc.freenode.net > > Unsubscribe: http://plug.org/mailman/options/plug > > Don't fear the penguin. > > */ > > /* > PLUG: http://plug.org, #utah on irc.freenode.net > Unsubscribe: http://plug.org/mailman/options/plug > Don't fear the penguin. > */ > /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
