Server chroot jail-like advice

To: netbsd-users%netbsd.org@localhost
Subject: Server chroot jail-like advice
From: "Luis P. Mendes" <luislupe%gmx.com@localhost>
Date: Thu, 10 Oct 2019 16:10:24 +0100

Hi,


I've been using FreeBSD and it's jail system to power my server needs.
One jail for the database server, providing a unix socket that is null
mounted at other jails with webservers, mainly.

As I don't find many readings about this kind of setup in NetBSD, I'd
like to know what do you do regarding the need to secure a database
server, a webserver with php, for example.

Do you chroot each service?
Use ldd to find the missing components for the services to run?
Do it all by hand or is there an automation tools that helps?
How about the network stuff?  With jails and pf I can route some
traffic to a specific jail running some service.  How do you manage
this in NetBSD land?


--


Luis Mendes

Follow-Ups:
- Re: Server chroot jail-like advice
  - From: Julien Savard

Prev by Date: Re: isp(4) rescan
Next by Date: reboot on kernel load
Previous by Thread: dovecot nss_ldap getgrnam issue
Next by Thread: Re: Server chroot jail-like advice
Indexes:

Home | Main Index | Thread Index | Old Index