Freelancers Network
 
Freelancers.net is owned and operated by Andy Stowell and Dan Winchester

Re: FN-FORUM: DNS chrooted - should I bother?

date posted 1st November 2003 00:22


Cheers Alex,

Belt, braces, and supplementary string to be applied! On everything.


OK, supplementary questions,
The server is to host a number of database-driven sites (PHP/MySQL), and email for the associated domains; this will use SpamAssassin and ClamAV with Postfix, and GPG for secure email.
The box needs to do its own primary DNS, with the secondary being provided by my ISP.
So.... should I think about djbdns? I think that my ISP is using BIND, so I thought that it would be sensible to use it too, but I guess that's a bit like using Red Hat all the time.
B**ls - just read the bit that says that I would need to have access to the ISP's DNS server (my secondary) - No chance.

So it's BIND then! Chrooted.

I need to be able to allow some access to FTP from Dreamweaver for some of my clients. I looked at their method of SSL - using PuTTY and plink, and my users won't be up to it.

What are your suggestions for an FTP package? Which ones can be run as an unprivileged user rather than root?

And how can I make that more secure? (Assume I will have done the basics - no anonymous etc.)

The thing that worries me is that I will have to give the user access to PHP pages which may allow all sorts of nasties, and if I was thinking of black hats that would be an easy way to inject malicious code, because the FTP service is so inherently vulnerable, and just about all of the dangerous PHP permissions are global, and the paranoid settings that most ISPs offer are why I need to run my own server!
Obviously you have to assume that an ordinary FTP login is completely insecure. Could I implement a system which ran completely isolated from the rest of the file structure?
Then I can identify the user in some other way in order to validate their changes? It means keeping two copies but what the hell!

Third question - one which I haven't looked in detail at yet - do you know of any good references on how to secure MySQL?

Ta
Carrie




