| 1 |
On 18-Aug-11 20:22, Grant wrote: |
| 2 |
>>>> Just to counter all of the scary stories, |
| 3 |
>> |
| 4 |
>> I do run dns with www on the same server (in addition to ftp, |
| 5 |
>> mail, and a few more things), but each of those services in |
| 6 |
>> its own vserver-guest... |
| 7 |
> |
| 8 |
> Are those vserver-guest instances for security? I didn't know people |
| 9 |
> used those for each service they run on the same machine. |
| 10 |
|
| 11 |
It is a kind of "better chroot". Some services are not easy |
| 12 |
to make running chrooted but can still run in vserver guest. |
| 13 |
|
| 14 |
I think it is good to have services running separated. |
| 15 |
If one of them gets compromised, others still keep running. |
| 16 |
One more extra layer of security, worth trying. The only |
| 17 |
service I'm running on "master-server" (host) is ssh on |
| 18 |
non-standard port, with pretty tight firewall rules... |
| 19 |
|
| 20 |
Jarry |
| 21 |
|
| 22 |
-- |
| 23 |
_______________________________________________________________ |
| 24 |
This mailbox accepts e-mails only from selected mailing-lists! |
| 25 |
Everything else is considered to be spam and therefore deleted. |
Archives