On Mon, Aug 28, 2006 at 10:44:36AM +0300, Neoklis wrote:
> Hi all,
>
> I have opened an account with an ISP that provides me with a fixed IP
> address and this tempts me to set up a micro server at home for my
> website etc. I must confess I am a Linux user but consider OpenBSD
> the best choice for a secure server, so will install soon on my desktop
> to learn and then install on a suitable device.
>
> I have searched the web extensively and seems that a Soekris device
> might be suitable, however I have no experience in this type of device
> or running a web server or router so with apologies I post this article
> hoping for advice on the following:
>
> Can I use a Soekris board to run the OpenBSD+Apache web server and
> put my web site on line from home? Which is most suitable?
>
> I would like (must!) share my ADSL line with at least the web server and
> my desktop and possibly a laptop. The ADSL modem has an Ethernet
> connection and I wonder, could I use the Soekris board to act as a router,
> preferably wireless, as well as running the server?
>
> My thanks in advance!

Yes, though you might want to consider a 2.5" HD instead of CF if the website changes a lot and/or you want to keep logs.

The usual caveats for running a server and a firewall on the same box apply; though I must admit that I have not seen any vulnerabilities which would break this particular setup in the last couple of years [1].

There are quite a few threads in the archive about wireless cards that work as access points, and/or in a Soekris; it can be done, but might require some searching for a proper model.

Joachim

[1] While gaining access to the web server via a PHP, CGI, or similar bug can be assumed to be possible, breaking the chroot() is dependent on either gross administrator error or kernel-level vulnerabilities; and OpenBSD isn't very good on those. Of course, localhost is a very nice place to start a brute-force attack, so choose a good password or just disable password authentication in sshd. After all, you'll want to use a serial cable anyway.
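
Added example, not part of the original message: a small Python audit for the footnote's advice to disable password authentication in sshd. It checks that no typed-password path remains, including one re-enabled for localhost. The sample config is constructed; the parser assumes standard sshd_config semantics (first value obtained wins, both keywords default to yes, Match blocks override per connection).

```python
"""Audit sshd_config text for settings that still allow typed passwords."""

# sshd defaults for the two keywords that permit a password at login.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes"}
# Older configs use this name for keyboard-interactive authentication.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed sample config (not from the original message).
SAMPLE = """\
# sshd_config
PermitRootLogin no
PasswordAuthentication no
PasswordAuthentication yes   # ignored: the first value obtained wins
Match Address 127.0.0.1
    PasswordAuthentication yes
"""

def audit(config_text):
    """Return findings; an empty list means no password-based login path."""
    effective, findings, match = {}, [], None
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split()
        if not parts:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1] if len(parts) > 1 else ""
        if key == "match":            # later lines apply only to this block
            match = " ".join(parts[1:])
        elif key in DEFAULTS and match is None:
            effective.setdefault(key, (value, lineno))  # first value wins
        elif key in DEFAULTS and value != "no":
            # Conservative: any non-"no" inside a Match block is reported.
            findings.append(f"line {lineno}: {key} {value} in 'Match {match}'")
    for key, default in DEFAULTS.items():
        value, lineno = effective.get(key, (default, None))
        if value != "no":
            where = f"line {lineno}" if lineno else "built-in default"
            findings.append(f"{where}: {key} is '{value}' for all connections")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the sample it reports the localhost Match block and the keyboard-interactive default, which a lone `PasswordAuthentication no` leaves enabled.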