06 Using jails

Here be your applications!

immediate advantage:

a controlled environment - any increase in the number of files (non php-temp files) in your jail is highly suspicious

use extra filesystems for data, use noexec if possible

check for any modified (mtime 0) files in the jail-os area.

ensures separation of e.g. mysql and apache

but don't use it with pgsql - shared memory is not jailed (unless you only use shm for pgsql)

latency increase minimal

don't run anything on the jail host, only allow vpn'ed ssh access.
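
The file-count and modified-file checks above, sketched as an added example that is not part of the original slides. It is run from the jail host; it compares against a baseline file list and uses `-newer` on a stamp file rather than a fixed `-mtime` window, and `-xdev` keeps it out of the separately mounted data filesystems. The function names and the state directory are assumptions.

```shell
#!/bin/sh
# Added example: baseline-and-compare check for a jail's OS area.
# ROOT is the jail root, STATE a directory on the host, outside the jail.
# Both arguments are hypothetical paths chosen by the operator.
# File names containing newlines are not handled.

# List regular files under ROOT, staying on one filesystem (-xdev).
_jail_files() {
    find "$1" -xdev -type f -print | LC_ALL=C sort
}

# jail_baseline ROOT STATE: record the current file list and a time stamp.
jail_baseline() {
    mkdir -p "$2" || return 1
    # Stamp first, so anything changed during the scan shows up next run.
    touch "$2/stamp" || return 1
    _jail_files "$1" > "$2/files"
}

# jail_added ROOT STATE: files present now that are not in the baseline.
jail_added() {
    _jail_files "$1" | LC_ALL=C comm -13 "$2/files" -
}

# jail_modified ROOT STATE: files with an mtime newer than the baseline stamp
# (this includes files added since the baseline).
jail_modified() {
    find "$1" -xdev -type f -newer "$2/stamp" -print | LC_ALL=C sort
}

# jail_check ROOT STATE: print findings, return 1 if anything changed.
jail_check() {
    added=$(jail_added "$1" "$2")
    modified=$(jail_modified "$1" "$2")
    [ -z "$added$modified" ] && return 0
    [ -n "$added" ] && printf 'ADDED:\n%s\n' "$added"
    [ -n "$modified" ] && printf 'MODIFIED since baseline:\n%s\n' "$modified"
    return 1
}
```

Take the baseline right after installing or updating the jail, and keep the state directory on the jail host so a process inside the jail cannot rewrite it.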