-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Okey, lemme expand this a little bit, and even contradict you (while agreeing). On Wed, Aug 09, 2006 at 01:32:42PM -0400, Jim Perrin wrote: > If you install something like Cpanel to a system, you're adding a > level of complexity. You're stepping over what's provided in the base, > and adding to it. This means you need to not only know the base inside > and out, but you need to know Cpanel inside and out as well. It is a bit more problematic than that. You are not only adding stuff, but you are also replacing (exim, apache) a part of the system. > 1. Minimal packageset. Always a good thing to do, with or without a CP. > 2. Regular updates and backups. Backups ! Backups ! > 3. Config changes Which is sad but true, specially for cPanel (can't say for sure with the other CPs). As a side note, even Webmin will screwup your iptables settings if you enable bandwidth monitoring. > 4. Permissions: > Unix permissions by default are DAC style, where the user has the > power to change permissions. Make sure that you stay on top of this > and keep permissions in places like your webroot to a minimum to do > the job. If you can, enable SELinux, which is MAC style based > permission, which enforces restrictions no matter what the user does. Also, take a look at POSIX ACLs. They are a bit more complex to use than unix permissions, but much more flexible. Nice checklist, Jim. Best Regards, - -- Rodrigo Barbosa "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFE2iP8pdyWzQ5b5ckRAoZFAJoD1I5X0NUdUxgkFU3Y45OehSBHFwCfUICi I8/gpkvM8Zj8ROqopa+2xgk= =f99Q -----END PGP SIGNATURE-----