1 |
On 18-Aug-11 20:22, Grant wrote: |
2 |
>>>> Just to counter all of the scary stories, |
3 |
>> |
4 |
>> I do run dns with www on the same server (in addition to ftp, |
5 |
>> mail, and a few more things), but each of those services in |
6 |
>> its own vserver-guest... |
7 |
> |
8 |
> Are those vserver-guest instances for security? I didn't know people |
9 |
> used those for each service they run on the same machine. |
10 |
|
11 |
It is a kind of "better chroot". Some services are not easy |
12 |
to make running chrooted but can still run in vserver guest. |
13 |
|
14 |
I think it is good to have services running separated. |
15 |
If one of them gets compromised, others still keep running. |
16 |
One more extra layer of security, worth trying. The only |
17 |
service I'm running on "master-server" (host) is ssh on |
18 |
non-standard port, with pretty tight firewall rules... |
19 |
|
20 |
Jarry |
21 |
|
22 |
-- |
23 |
_______________________________________________________________ |
24 |
This mailbox accepts e-mails only from selected mailing-lists! |
25 |
Everything else is considered to be spam and therefore deleted. |