
IMHO jail and SELinux are meant to provide additional security, or to secure a server you have to run as root and cannot be proxied (like DNS, DHCP, TFTP, ...), and not as a replacement for a sane setup. Apart from that, SELinux can be quite a PITA to configure - so this is not for the uninitiated.
On Thu, Feb 17, 2011 at 9:08 AM, Okechukwu <okechukwu@gmail.com> wrote:
Jail & SELinux does all this for you :-)
./Ok3ch
On Thu, Feb 17, 2011 at 8:57 AM, Christian Ledermann <christian.ledermann@gmail.com> wrote:
The reason to run a webserver on a high port like 8080 is that running on a port higher than 1000 does not require root privileges, so when the application is compromised the intruder will only get the privileges of the user running that server.
Having said that, most servers are able to drop root privileges after they have established a connection to the port (e.g. 80), so again an intruder will only get the privileges of an unprivileged user.
If the server is not able to drop privileges it is a VERY good idea to run it on a high port and proxy it by a server which is able to do this.
_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke
-- Best Regards,