Freebsd jail for an small company - checklist - what shouldn't forget
- by cajwine
Looking for an checklist for an "small company freebsd/jail server".
Having pretty common starting point:
FreeBSD jail (remote/headless) for the company:
public web, email, ftp server, and
private (maybe in the future partially public) wiki (foswiki)
4 physical persons, (6 email addresses) + one admin - others will never use ssh)
have already done usual hardening on the host side (like pf, sshguard etc).
my major components are: dovecot, exim, apache22, proftpd, perl5.14.
Looking for an checklist, what I shouldn't forget. My plan:
openssl self-signed certificates for exim, dovecot and proftpd (wildcard keys)
openssl self-signed certificate for apache (later will go for "trusted-signed" key)
My questions are:
is is an "good practice" having one pair of wildcard SSL-certificates for many programs? (exim, dovecot, proftpd) - or should I generate one key for each service?
should I add all 4 persons as standard (unix) users, or I should go with virtual users? Asking because:
have only small count of users, and
it is more simple to configure everything (exim, dovecot) for local users ($HOME/Maildir), plus ability to set $HOME/.forward/vacation and etc.
is here some (special) things what I should consider? (e.g. maybe, in the future we want setup our own webmail - will make this any difference?)
any other recommendation?
Thank you, hoping that this question fit into the http://serverfault.com/faq under the:
Server and Business Workstation operating systems, hardware, software
Operations, maintenance, and monitoring
Looking for an checklist, but please explain why you're recommending it. See Good Subjective, Bad Subjective.
related:
What's your suggested mail server configuration for a FreeBSD server?
