Written by Leigh Renfrow and last updated on 07/15/2005 - [ freebsd ]

MySQL is one of the most popular databases on the Internet. Besides its undoubted advantages, such as easy of use and relatively high performance, MySQL offers simple, but very effective security mechanisms. Unfortunately, the default installation of MySQL, and in particular the empty root password and the potential vulnerability to buffer overflow attacks, makes the database an easy target for attacks. This howto Covers: Installing MySQL Chrooting MySQL MySQL Permissions Configuring MySQL

Written by Leigh Renfrow and last updated on 07/15/2005 - [ freebsd ]

This is part 1 of our upcoming series on IPv6. In this article we will explain how to setup and configure a FreeBSD router and client for IPv6. In upcoming articles you will learn how to configure and setup Windows Clients as well as OpenBSD routers and clients.

Written by Leigh Renfrow and last updated on 06/01/2005 - [ freebsd | netbsd ]

Chrooting has been around for a long time now. Chrooting makes a program believe that the root of the file system is higher up in the hierarchy. For example, if I wanted to create a chroot in /chroot/httpd, a program executed from within the chroot would believe that "/chroot/httpd" was actually "/". There in lies the beauty as the program can't reach any files outside "/chroot/httpd". Security of the server as a whole is increased due to the fact that the system binaries are off limits. In addition, chroots usually only have the bare minimum files inside, so exploits have a harder time breaking in. Chroots can be broken out of. On FreeBSD, jail can also be used. Jail does the same as chroot, but on top of what chroot does, jail restricts what a process can do. One of the benefits of OpenBSD is the fact that apache comes chrooted by default, which is nice. But, that's not going to stop NetBSD or FreeBSD from doing this also. So, why chroot instead of jail? Jailing processes is actually a simple task. Basically I want to help you out with 2 areas in this article. The first is to get apache and php chrooted while working with a chrooted mysql. And the second, I hope you can figure out from this how to chroot your own processes. Once you figure out how to setup chroot trees, configuring jails should not be a challenge for you at all.

Written by Leigh Renfrow and last updated on 05/31/2005 - [ freebsd ]

Postfix is an attempt to provide an alternative to the widely-used Sendmail program. Postfix attempts to be fast, easy to administer, and (hopefully) secure, while at the same time being sendmail-compatible enough to not upset your users.