FreeBSD jail for a small company - checklist - what I shouldn't forget
Posted by cajwine on Server Fault
Published on 2012-09-27T14:33:02Z
Looking for a checklist for a "small company FreeBSD/jail server".
Having a pretty common starting point:
- FreeBSD jail (remote/headless) for the company:
- public web, email, ftp server, and
- private (maybe in the future partially public) wiki (foswiki)
- 4 physical persons (6 email addresses) + one admin (others will never use ssh)
- have already done the usual hardening on the host side (like pf, sshguard etc.).
- my major components are: dovecot, exim, apache22, proftpd, perl5.14.
Looking for a checklist of what I shouldn't forget. My plan:
- openssl self-signed certificates for exim, dovecot and proftpd (wildcard keys)
- openssl self-signed certificate for apache (later will go for "trusted-signed" key)
My questions are:
- Is it "good practice" to have one pair of wildcard SSL certificates for many programs (exim, dovecot, proftpd), or should I generate one key for each service?
- Should I add all 4 persons as standard (unix) users, or should I go with virtual users? Asking because:
  - I have only a small number of users, and
  - it is simpler to configure everything (exim, dovecot) for local users ($HOME/Maildir), plus the ability to set $HOME/.forward/vacation etc.
  - are there some (special) things that I should consider? (e.g. maybe in the future we will want to set up our own webmail - will this make any difference?)
- Any other recommendations?
Thank you, hoping that this question fits into the http://serverfault.com/faq under:
- Server and Business Workstation operating systems, hardware, software
- Operations, maintenance, and monitoring
Looking for a checklist, but please explain why you're recommending it. See Good Subjective, Bad Subjective.