OT:chroot on a webserver? and hlfs roadmap. Security beginner's question.

R.Welz linuxprodukte at gmx.de
Thu Oct 7 23:37:59 PDT 2004


Hello.
Please excuse me if this posting is off-topic but I don't know whom to 
ask. If appropriate please tell me the right place to ask.

I am going to set up my 2nd webserver ever and I just had the idea to 
chroot everything that is connected to the internet. But does this 
really make sense?

- chroot Apache2,
- same with OpenSSH, sftp,
- what about PHP and Perl?
- e-mail server (I'm not quite sure which one yet, since I never set 
up an email server before, probably sendmail)
- Bind9

Since I plan to delve into hlfs really soon, my web server must be 
a router for DSL (PPPoE) and a firewall, too, and gets connected with my 
bureau (intranet) over a 2nd NIC.

This way I get a spare computer which runs all that routing, firewall 
etc. stuff at the moment (a proprietary product, which is quite 
unsatisfactory).

Or would it be a bad idea to have a web server as router and firewall 
for an intranet? I mean I cannot have a DMZ since I don't have enough 
computers but there is only a Mac with 1 TB of valuable data like 
rendered film material and all my e-mail.

And last question... Is there some roadmap when it is possible for me 
to start with hlfs and a 2.6.x kernel? I mean I would accept any alpha 
or beta release but I don't want to start with the hlfs book and the 
2.6 kernel all on my own. I am an experienced software developer but I 
don't know if I am that good to do all that testing stuff giving me 
errors over errors on my own. Any suggestion when I should invest my 
spare time in that project with a chance to succeed with kernel 2.6.x?

Ideas and/or suggestions on the last question would be very cool, since 
I really want to start with hlfs (I read the 2004-06-07 book) but I 
hardly see a chance to succeed with Linux kernel 2.6.

Answers on the topmost questions would be great to help me set up a 
playground to learn PHP and PostgreSQL in a way to learn how to 
implement a web database under 'real-life' conditions. BTW, my URL is 
literatur.dyndns.biz. (Sorry, all in German.)

Suggestions welcome.

Robert
