[nycbug-talk] New Webserver

[Matt Juszczak]

Hi all,

Been sick for a day or so so if my email sounds a bit choppy, sorry!

I'm about to setup (well, ok, I actually did just setup) a new webserver 
for my side ventures.  This server will have managed and self-managed 
webhosting.

In the past, I've never really chrooted and/or jailed processes - I have 
to do it once or twice per customer request, but never on my own boxes as 
a general security policy.  I'm usually really good at keeping boxes 
patched and up to date, etc.  But this box is going to have about 20 
webhosting customers - both managed and un managed.  Some of these users 
will of course be uploading their own content via SFTP or FTP, and for all 
I know the security of their PHP scripts, etc. may be "not so good".

What does everyone here usually do in securing those boxes?  Do you 
usually setup jails/chroots for the webserver processes, etc., or do you 
rely on internal settings in things like php.ini to maintain security for 
your public webservers?

Thanks!

-Matt