-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Okey, lemme expand this a little bit, and even contradict you (while agreeing).
On Wed, Aug 09, 2006 at 01:32:42PM -0400, Jim Perrin wrote:
If you install something like Cpanel to a system, you're adding a level of complexity. You're stepping over what's provided in the base, and adding to it. This means you need to not only know the base inside and out, but you need to know Cpanel inside and out as well.
It is a bit more problematic than that. You are not only adding stuff, but you are also replacing (exim, apache) a part of the system.
- Minimal packageset.
Always a good thing to do, with or without a CP.
- Regular updates and backups.
Backups ! Backups !
- Config changes
Which is sad but true, specially for cPanel (can't say for sure with the other CPs).
As a side note, even Webmin will screwup your iptables settings if you enable bandwidth monitoring.
- Permissions:
Unix permissions by default are DAC style, where the user has the power to change permissions. Make sure that you stay on top of this and keep permissions in places like your webroot to a minimum to do the job. If you can, enable SELinux, which is MAC style based permission, which enforces restrictions no matter what the user does.
Also, take a look at POSIX ACLs. They are a bit more complex to use than unix permissions, but much more flexible.
Nice checklist, Jim.
Best Regards,
- -- Rodrigo Barbosa "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)