Does geom_raid1e support raid10e?
Hello, I want to know if geom_raid1e support raid10e level too. The difference between them is that 1e duplicates the 32-64-128-whatever block data size in all n disks in the raid1e but raid10e only between n/2 and n (a try to show it below), making raid10e bigger and more flexible than plains raid1/raid1e or raid10 respectively. In raid1e: Disk D1 D2 D3 D4 D5 Block a1 a1 a1 a1 a1 Block a2 a2 a2 a2 a2 Block a3 a3 a3 a3 a3 In raid10e: Disk D1 D2 D3 D4 D5 Block a1 a1 a1 a2 a2 Block a2 a3 a3 a3 a4 Block a4 a4 a5 a5 a5 In these examples, with block size of 128KB, raid1e will survive to fail of 4 disks and stores 128*3 = 384 KB; raid10e will survive to fail of 2 disks and stores 128*5 = 640 KB. In some literature, raid10e duplicates between 2 and n disks. --- --- Eduardo Morras emorr...@yahoo.es ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD software installation problems
On Wed, 17 Jul 2013 00:32:28 +0800 (CST) chenjunbing1234 chenjunbing1...@126.com wrote: questi...@freebsd.org Iknowvery littleEnglish, and Iwant to learnfreebsd,I was underftp://ftp.freebsd.org/pub/FreeBSD/doc/zh_CN.GB2312/books/handbook/above tutorialto installand preparation, andmeta lot of problems,Imade athreehttp://bbs.chinaunix.net/forum-5-1.htmlforumpostingsentitled:novicestep by stepinstallFreeBSD-9.0-RELEASE,not many peopleto helpMymainproblemis the softwareinstalled,I hopeto get your help. What problems did you met? I don't understand chinese, sorry. What do you try to install? The page http://bbs.chinaunix.net/forum-5-1.htmlforumpostingsentitled:novice doesn't exist. Perhaps PC-BSD may help you to install it. --- --- Eduardo Morras emorr...@yahoo.es ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Adding another mirror to existing ZFS-root mirror?
It should boot, although i havent run that configuration myself so cant say for certain have a look at gpart backup and restore for the labels, as you might as well make them the same and expand any swap space across all four drives. DOnt forget to install the bootloader as well Alternatively you could just give the raw disks to zfs On 15 July 2013 17:23, Scott Ballantyne s...@ssr.com wrote: Hi, I have the current situation: sdb@gigawattmomma$ zpool status zroot NAME STATE READ WRITE CKSUM zroot ONLINE 0 0 0 mirror-0 ONLINE 0 0 0 gpt/disk0 ONLINE 0 0 0 gpt/disk1 ONLINE 0 0 0 I boot directly from this. This article from Oracle: http://docs.oracle.com/cd/E19253-01/819-5461/gazgw/index.html implies I can add two more disks to the zroot pool with a zpool add zroot mirror disk2 disk3 to get zroot mirror-0 gpt/disk0 gpt/disk1 mirror-1 gpt/disk2 gpt/disk3 My questions: 1) Will booting still work? What do I need to do to make sure I can still boot up the system? Perhaps related: 2) How do I use gpart to prep these disks? The current mirror has the usual three partitions (freebsd-boot, freebsd-swap and freebsd-zfs), with boot code installed, obviously. Do I need to do that with the second mirror, or can I just use the whole thing for a freebsd-zfs filesystem? Sorry this was a bit long. Thanks in advance for any help. Best, Scott -- s...@ssr.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: to gmirror or to ZFS
You would in theory as from what i remember every zfs filesystem takes up 64 kb of ram, so the savings could be massive 8) On 16 July 2013 10:41, Shane Ambler free...@shaneware.biz wrote: On 16/07/2013 14:41, aurfalien wrote: On Jul 15, 2013, at 9:23 PM, Warren Block wrote: On Mon, 15 Jul 2013, aurfalien wrote: ... thats the question :) At any rate, I'm building a rather large 100+TB NAS using ZFS. However for my OS, should I also ZFS or simply gmirror as I've a dedicated pair of 256GB SSD drives for it. I didn't ask for SSD sys drives, this system just came with em. This is more of a best practices q. ZFS has data integrity checking, gmirror has low RAM overhead. gmirror is, at present, restricted to MBR partitioning due to metadata conflicts with GPT, so 2TB is the maximum size. Best practices... depends on your use. gmirror for the system leaves more RAM for ZFS. Perfect, thanks Warren. Just what I was looking for. I doubt that you would save any ram having the os on a non-zfs drive as you will already be using zfs chances are that non-zfs drives would only increase ram usage by adding a second cache. zfs uses it's own cache system and isn't going to share it's cache with other system managed drives. I'm not actually certain if the system cache still sits above zfs cache or not, I think I read it bypasses the traditional drive cache. For zfs cache you can set the max usage by adjusting vfs.zfs.arc_max that is a system wide setting and isn't going to increase if you have two zpools. Tip: set the arc_max value - by default zfs will use all physical ram for cache, set it to be sure you have enough ram left for any services you want running. Have you considered using one or both SSD drives with zfs? They can be added as cache or log devices to help performance. See man zpool under Intent Log and Cache Devices. __**_ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/**mailman/listinfo/freebsd-**questionshttp://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-** unsubscr...@freebsd.org freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: to gmirror or to ZFS
not recommended anymore you should run SU+J if your version supports it On 17 July 2013 00:08, Nikos Vassiliadis nv...@gmx.com wrote: On 07/16/13 21:27, Johan Hendriks wrote: Op dinsdag 16 juli 2013 schreef Charles Swiger (cswi...@mac.com) het volgende: Hi-- On Jul 16, 2013, at 10:33 AM, Johan Hendriks joh.hendr...@gmail.com** javascript:; wrote: [ ... ] I would us a zfs for the os. I have a couple of servers that did not survive a power failure with gmirror. The problems i had was when the power failed one disk was in a rebuilding state and then when the background fsck started or was busy for some time it would crash the whole server. Well, don't do that. :-) When the server reboots because of a powerfailure at night, then it boots. Then it starts to rebuild the mirror on its own, and later the fsck kicks in. Not much i can do about it. You could add geom_journal which will minimize the time of fsck to a second or something like that. Then you don't have to use background fsck anymore. Actually geom_journal's manual page mentions an interesting side-effect of geom_journal over a geom_mirror: you can turn off component synchronization. Geom_journal will re-play last writes so whatever was changed just before the crash will be re-written to both disks. I haven't used this but it makes sense in theory. Maybe i should have done it without the automatic attachment for a new device. I always turn off automatic synchronization or stale components as well. It seems to me that people don't really use geom_journal or maybe they just don't talk about it like it's some sort of secret:) just my two cents, Nikos __**_ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/**mailman/listinfo/freebsd-**questionshttp://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-** unsubscr...@freebsd.org freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: rsyslog
ls /usr/local/share/examples/rsyslog/ rsyslog-example.conf thanks! Is there a pre-configured rsyslog.conf? That file missed all base config like /var/log/messages /var/log/maillog thanks Pol ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
[bsdinstall] Precise disk slicing
Hi, Previously in the sysinstall there was possible to define the start and the end LBA addresses of the new slice (new MBR partition). I didn't find how to do that in the bsdinstall. Is it possible? Thank you ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
LC_CTYPE=fr_FR.ISO8859-1 with xterm - still French accented characters are corrupted
I tried, in tcsh: % setenv |grep FR XTERM_LOCALE=fr_FR.ISO8859-1 LC_CTYPE=fr_FR.ISO8859-1 but the accented French characters are corrupted, e.g. in /usr/ports/french/aster/pkg-descr. I built xterm with % make -C /usr/ports/x11/xterm showconfig === The following configuration options are available for xterm-296: 256COLOR=on: Enable 256-color support DABBREV=off: Enable support for dabbrev-expand DECTERM=off: Enable DECterm Locator support GNOME=off: GNOME desktop environment support LUIT=on: Use LUIT for locale convertion from/to UTF-8 PCRE=on: Use Perl Compatible Regular Expressions SIXEL=on: Enable Sixel graphics support WCHAR=on: Enable wide-character support === Use 'make config' to modify these settings I usually can read russian with either ru_RU.KOI8-R or en_US.UTF-8 in xterm, so I think the xterm is set up correctly to view 8-bit characters. Please advise Thanks Anton ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: LC_CTYPE=fr_FR.ISO8859-1 with xterm - still French accented characters are corrupted
* Anton Shterenlikht me...@bris.ac.uk [2013-07-17 13:14 +0100]: I tried, in tcsh: % setenv |grep FR XTERM_LOCALE=fr_FR.ISO8859-1 LC_CTYPE=fr_FR.ISO8859-1 but the accented French characters are corrupted, e.g. in /usr/ports/french/aster/pkg-descr. I built xterm with % make -C /usr/ports/x11/xterm showconfig === The following configuration options are available for xterm-296: 256COLOR=on: Enable 256-color support DABBREV=off: Enable support for dabbrev-expand DECTERM=off: Enable DECterm Locator support GNOME=off: GNOME desktop environment support LUIT=on: Use LUIT for locale convertion from/to UTF-8 PCRE=on: Use Perl Compatible Regular Expressions SIXEL=on: Enable Sixel graphics support WCHAR=on: Enable wide-character support === Use 'make config' to modify these settings I usually can read russian with either ru_RU.KOI8-R or en_US.UTF-8 in xterm, so I think the xterm is set up correctly to view 8-bit characters. Doesn't fr_FR.UTF8 work? Elimar -- Do you smell something burning or ist it me? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Bill Paul's network drivers
Hi I'm considering learning how to build drivers, so I can make my Lenovo S400 wireless card get detected by FreeBSD. The Architecture Handbook cites these Bill Paul's network drivers. 9.5 Network Drivers: Drivers for network devices do not use device nodes in order to be accessed. Their selection is based on other decisions made inside the kernel and instead of calling open(), use of a network device is generally introduced by using the system call socket(2). For more information see ifnet(9), the source of the loopback device, and Bill Paul's network drivers. Where can I find those Bill Paul's network drivers? Cheers, Michel. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Sizzling Summer Sale- 13 plate
Visit Vanman: http://enews.vansdirect.co.uk/NLI/LE35.ashx?a=CFD08998917CF420AB80DD08B077146Fb=FBFBD3EA1310D30E0FC86061384EDB29 OR call 0845 021 Sizzling Summer Prices - Ask about Air Conditioning options for your van - Sale on 13 plate vans: - Peugeot Partner - 1.6 S - Free plus pack - £115 per month - Citroen Berlingo Enterprise - 1.6HDi - Only £129 per month - Transit Custom - 270 SWB L/R 100ps - Only £185 per month - Transit 280 SWB - Trend L/R 125ps - Only £195 per month - Citroen Relay 35 - LWB 2200 Hdi - Only £199 per month - Nissan Navara 2.5 dCi - From £205 per month All of these vehicles are in stock on 13 plates - call us for more stock vehicles Also, Don't miss this exclusive offer:- - Vauxhall Vivaro - SWB Sportive - in Black - Free ply-lining (Exclusive offer - 13 plates in stock- MUST go now - click here to view offer) VanMan is a trading name of Vansdirect | Company Number. 6971144 Vansdirect Ltd, 3 Links Court, Fortran Road, St Mellons, Cardiff, CF3 0LT. Registered in England Wales 6971144 This message was sent to freebsd-questions@freebsd.org; We hope you found it relevant. However, if you'd rather not receive future e-mails from us, please visit the opt-out link by clicking http://enews.vansdirect.co.uk/NLI/ManageProfile.aspx?a=58B90E03A6649BB336431844D7CAA782b=FBFBD3EA1310D30E0FC86061384EDB29 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Bill Paul's network drivers
On Wed, 17 Jul 2013, Michel Behr wrote:
Hi
I'm considering learning how to build drivers, so I can make my Lenovo S400
wireless card get detected by FreeBSD.
The Architecture Handbook cites these Bill Paul's network drivers.
9.5 Network Drivers: Drivers for network devices do not use device nodes in
order to be accessed. Their selection is based on other decisions made
inside the kernel and instead of calling open(), use of a network device is
generally introduced by using the system call socket(2).
For more information see ifnet(9), the source of the loopback device, and
Bill Paul's network drivers.
Where can I find those Bill Paul's network drivers?
In the source tree, mostly:
find /usr/src -path */sys/dev/* -exec grep -l Bill Paul {} \+
Joseph Kong's book FreeBSD Device Drivers will likely be useful, too:
http://nostarch.com/bsddrivers.htm
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: LC_CTYPE=fr_FR.ISO8859-1 with xterm - still French accented characters are corrupted
On Wed, 17 Jul 2013 15:38:53 +0200, Elimar Riesebieter wrote: * Anton Shterenlikht me...@bris.ac.uk [2013-07-17 13:14 +0100]: I tried, in tcsh: % setenv |grep FR XTERM_LOCALE=fr_FR.ISO8859-1 LC_CTYPE=fr_FR.ISO8859-1 but the accented French characters are corrupted, e.g. in /usr/ports/french/aster/pkg-descr. I built xterm with % make -C /usr/ports/x11/xterm showconfig === The following configuration options are available for xterm-296: 256COLOR=on: Enable 256-color support DABBREV=off: Enable support for dabbrev-expand DECTERM=off: Enable DECterm Locator support GNOME=off: GNOME desktop environment support LUIT=on: Use LUIT for locale convertion from/to UTF-8 PCRE=on: Use Perl Compatible Regular Expressions SIXEL=on: Enable Sixel graphics support WCHAR=on: Enable wide-character support === Use 'make config' to modify these settings I usually can read russian with either ru_RU.KOI8-R or en_US.UTF-8 in xterm, so I think the xterm is set up correctly to view 8-bit characters. Doesn't fr_FR.UTF8 work? That probably won't matter. The characters in that file are normal 1-byte characters (ISO), not 2-byte ones (UTF-8). I have built xterm with no special options and can see them properly. For comparison: % echo $XTERM_LOCALE en_US.ISO8859-1 % echo $LC_CTYPE de_DE.ISO8859-1 % make -C /usr/ports/x11/xterm showconfig === The following configuration options are available for xterm-282: DABBREV=off: Enable support for dabbrev-expand DECTERM=off: Enable DECterm Locator support GNOME=off: GNOME desktop environment support LUIT=on: Use LUIT for locale convertion from/to UTF-8 PCRE=off: Use Perl Compatible Regular Expressions WCHAR=on: Enable wide-character support === Use 'make config' to modify these settings I assume you have all neccessary _fonts_ installed? -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Help to secure my FreeBSD/Apache installation
Hi everybody! I'm running a server on FreeBSD 8.1 STABLE (apache 2.2.16, mysql 5.1.50, php 5.3.3) and I server some websites from it, most of them using Joomla or Wordpress CMS. I recently had a security breach where someone used a hole in an older Joomla version and was able to install a php script called webadmin.php. From that the person was able to browse all folders and view all files - and change them... not nice! Apache runs using the www user (std installation) and all virtualhosts share the same user, but are placed in different directories. I need some help and pointers to what I can do to strengthen security and to atleast prevent someone from writing to the filesystem and browse all directories and files. (allthough joomla needs some folders to be chmod 777) I'm thinking about installing apache2-mpm-itk or similare to jail each site into its own directory and run each virtualhost as its own user. Is this a good idea? Thankful for answers and pointers! All the best - Andy ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Help to secure my FreeBSD/Apache installation
Hi, Reference: From: Andy Wodfer wod...@gmail.com Date: Wed, 17 Jul 2013 23:11:27 +0200 Andy Wodfer wrote: Hi everybody! I'm running a server on FreeBSD 8.1 STABLE (apache 2.2.16, mysql 5.1.50, To quote front page of http://www.freebsd.org: * Production: 9.1 * Legacy: 8.4 My net. con. is too slow right now to check this for you, but look yourself, I bet FreeBSD-8.1 was long ago declared by security-officer@ as not supported as too old, php 5.3.3) and I server some websites from it, most of them using Joomla or Wordpress CMS. I recently had a security breach where someone used a hole in an older Joomla version and was able to install a php script called webadmin.php. From that the person was able to browse all folders and view all files - and change them... not nice! Apache runs using the www user (std installation) and all virtualhosts share the same user, but are placed in different directories. I need some help and pointers to what I can do to strengthen security and to atleast prevent someone from writing to the filesystem and browse all directories and files. (allthough joomla needs some folders to be chmod 777) I'm thinking about installing apache2-mpm-itk or similare to jail each site into its own directory and run each virtualhost as its own user. Is this a good idea? Thankful for answers and pointers! All the best - Andy Upgrade to 8.4 or 9.1, Reinstall new versions of all ports, cd /usr/ports/ports-mgmt/portaudit ; make install ; rehash ; portaudit ; # (Which is in 9.1 not in 8.2) port-audit Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com Reply below not above, like a play script. Indent old text with . Send plain text. No quoted-printable, HTML, base64, multipart/alternative. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Help to secure my FreeBSD/Apache installation
Hi, Reference: From: Julian H. Stacey j...@berklix.com Date: Wed, 17 Jul 2013 23:38:51 +0200 Julian H. Stacey wrote: Hi, Reference: From: Andy Wodfer wod...@gmail.com Date: Wed, 17 Jul 2013 23:11:27 +0200 Andy Wodfer wrote: Hi everybody! I'm running a server on FreeBSD 8.1 STABLE (apache 2.2.16, mysql 5.1.50, To quote front page of http://www.freebsd.org: * Production: 9.1 * Legacy: 8.4 My net. con. is too slow right now to check this for you, but look yourself, I bet FreeBSD-8.1 was long ago declared by security-officer@ as not supported as too old, Re version numbers: Your 8.1 STABLE does not exist ! Only 8 Stable, 8.1-RELEASE, 8.2-RELEASE, etc. http://www.freebsd.org/security/unsupported.html 8.1 8.2 not supported. http://www.freebsd.org/security/index.html#sup 9.1-RELEASE has /usr/ports/www/apache22/work/httpd-2.2.23 Upgrade to 8.4 or 9.1, Reinstall new versions of all ports, cd /usr/ports/ports-mgmt/portaudit ; make install ; rehash ; portaudit ; # (Which is in 9.1 not in 8.2) port-audit Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com Reply below not above, like a play script. Indent old text with . Send plain text. No quoted-printable, HTML, base64, multipart/alternative. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
SOLVED [WAS: Re: LC_CTYPE=fr_FR.ISO8859-1 with xterm - still French accented characters are corrupted
Date: Wed, 17 Jul 2013 22:57:34 +0200 From: Polytropon free...@edvax.de To: Elimar Riesebieter riese...@lxtec.de Subject: Re: LC_CTYPE=fr_FR.ISO8859-1 with xterm - still French accented characters are corrupted On Wed, 17 Jul 2013 15:38:53 +0200, Elimar Riesebieter wrote: * Anton Shterenlikht me...@bris.ac.uk [2013-07-17 13:14 +0100]: I tried, in tcsh: % setenv |grep FR XTERM_LOCALE=fr_FR.ISO8859-1 LC_CTYPE=fr_FR.ISO8859-1 but the accented French characters are corrupted, e.g. in /usr/ports/french/aster/pkg-descr. I built xterm with % make -C /usr/ports/x11/xterm showconfig === The following configuration options are available for xterm-296: 256COLOR=on: Enable 256-color support DABBREV=off: Enable support for dabbrev-expand DECTERM=off: Enable DECterm Locator support GNOME=off: GNOME desktop environment support LUIT=on: Use LUIT for locale convertion from/to UTF-8 PCRE=on: Use Perl Compatible Regular Expressions SIXEL=on: Enable Sixel graphics support WCHAR=on: Enable wide-character support === Use 'make config' to modify these settings I usually can read russian with either ru_RU.KOI8-R or en_US.UTF-8 in xterm, so I think the xterm is set up correctly to view 8-bit characters. Doesn't fr_FR.UTF8 work? That probably won't matter. The characters in that file are normal 1-byte characters (ISO), not 2-byte ones (UTF-8). I have built xterm with no special options and can see them properly. *skip* I assume you have all neccessary _fonts_ installed? oh.. fonts! I realised I have russian fonts in .Xdefaults. I removed those and now can see accented characters fine. Thanks Anton ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Help to secure my FreeBSD/Apache installation
On Wed, 17 Jul 2013 23:11:27 +0200, Andy Wodfer wrote: Hi everybody! I'm running a server on FreeBSD 8.1 STABLE (apache 2.2.16, mysql 5.1.50, php 5.3.3) and I server some websites from it, most of them using Joomla or Wordpress CMS. Those are typical (and known) attack vectors. Make sure you're always up to date regarding fixes! I recently had a security breach where someone used a hole in an older Joomla version and was able to install a php script called webadmin.php. From that the person was able to browse all folders and view all files - and change them... not nice! This implies you cannot know in how far your system has been compromized. I'd suggest a new installation. Make backups of user files and configurations. Make sure you audit them (so you won't re-install a possible backdoor after a clean install). I need some help and pointers to what I can do to strengthen security and to atleast prevent someone from writing to the filesystem and browse all directories and files. (allthough joomla needs some folders to be chmod 777) I'm thinking about installing apache2-mpm-itk or similare to jail each site into its own directory and run each virtualhost as its own user. Is this a good idea? At least it is a _working_ idea. If it is actually a good idea depends on many different factors. Jails are a good means of separation. Sometimes, using simple user accounts is sufficient, but especially regarding complex web content (such as CMS, stuff that involves PHP and whatnot) the more security you can add, the better it is. Also install portaudit to check for security fixes that have been made available for the software you're running. Apply restrictions as hard as possible. If programs want write access to specific directories, try to make then writable per uer accounts, not within the global tree structure (or even within system directories). The nobody user can also be helpful (regarding on what you are running). If you can separate the different CMSs and sites, a possible security breach will be restricted to that only instance. It can be taken down without affecting the other sites. But also: Educate your users. In order to do that, use money. Make them pay. ;-) PS. Allow me a short addition, I know people will beat me with a pointed stick for mentioning it, but: There are no folders. This term is wrong. What you mean are called directories. A folder is the name of one visual representation (among others) of a directory in a graphical user interface. It _is_ not a directory and it is not similar to one. It's comparable to the relation of the handbrake light in your car's dashboard vs. the real handbrake. Don't claim your handbrake light isn't working when in fact your handbrake is broken. :-) Bottom line: Directory correct, folder plain wrong. You don't call files sheets of paper either. :-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
