OT:chroot on a webserver? and hlfs roadmap. Security beginner's question.
linuxprodukte at gmx.de
Thu Oct 7 23:37:59 PDT 2004
Please excuse me if this posting is off-topic but I don't know whom to
ask. If appropriate please tell me the right place to ask.
I am going to set up my 2nd webserver ever and I just had the idea to
chroot everything what is connected to the internet. But does this
really make sense?
- chroot Apache2,
- same with OpenSSH, sftp,
- what about PHP and Perl?
- e-mail server ( I'm not quite shure which one yet, since I never set
up an email server before, probably sendmail)
Since I plan to delve into hlfs really soon, my web server must be
router for DSL (PPPoE) and firewall, too and gets connected with my
bureau (intranet) over a 2nd NIC.
This way I get a spare computer which runs all that routing, firewall
etc stuff at the moment ( a proprietary product, which is quite
Or would that be a bad Idea to have a web server as router and firewall
for an intranet ? I mean I cannot have a dmz since I don't have enough
computers but there is only a Mac with 1 TB of valuable data like
rendered film material and all my e-mail.
And last question... Is there some roadmap when it is possible for me
to start with hlfs and a 2.6.x kernel? I mean I would accept any alpha
or beta release but I don't want to start with the hlfs book and the
2.6 kernel all on my own. I am an experienced software developer but I
don't know if I am that good to do all that testing stuff giving me
errors over errors on my own. Any suggestion when I should invest my
spare time in that project wich a chance to succeed with Kernel 2.6.x ?
Ideas and/or suggestions on the last question would be very cool, since
I really want to start with hlfs (I read the 2004-06-07 book) but I
hardly see a chance to succeed with Linux-Kern 2.6).
Answers on the topmost questions would be great to help me set up a
playground to learn PHP and PostgreSQL in a way to learn how to
implement a web database under 'real - life' conditions. BTW, my URL is
literatur.dyndns.biz. (Sorry, all in german.)
More information about the hlfs-dev