| 1 |
Hi, |
| 2 |
|
| 3 |
I have a server that's doing just about everything a server can do. It's |
| 4 |
serving webpages with Apache, running mysql, handling mail for around 30 |
| 5 |
people with Postfix, running subversion for a couple of development |
| 6 |
projects, running both a Ventrilo and a CounterStrike server as well as |
| 7 |
having a bunch of local users via ssh which use it to run mutt, |
| 8 |
centericq, irssi and stuff like that. In general a very active server. |
| 9 |
I have been having my doubts about the security on this server lately |
| 10 |
however, and have been looking into different solutions. |
| 11 |
A quick analysis will show that the solution needs to take into account |
| 12 |
both attacks from outside and local attacks since local users can't be |
| 13 |
trusted 100%. |
| 14 |
My first idea was to use linux-vserver, put everything into their own |
| 15 |
vservers and have users log into a vserver with just the programs they |
| 16 |
need there to minimize the threat from them. Unfortunately screen does |
| 17 |
not work inside vservers so this solution is no good as most users have |
| 18 |
their mailclient, irc client, icq client etc. running in a screen and |
| 19 |
just reattach to it when they log in. |
| 20 |
Now I could run everything in vservers and just let users login to the |
| 21 |
host as they do now. That would certainly limit the threat from security |
| 22 |
bugs in things like the CS server, and would limit the users ability to |
| 23 |
mess with running processes. Not that they have rights to do that |
| 24 |
anyway, but a layer of protection has been added. I would have liked |
| 25 |
this solution to use SELinux or grsecurity to give me access control to |
| 26 |
further boost security, but it seems that there aren't any current |
| 27 |
vserver+grsec patches available and the don't apply cleanly on top of |
| 28 |
each other. And SELinux is incompatible with vserver (I have read). |
| 29 |
Yet another solution would be to drop vserver and just use grsecurity or |
| 30 |
SELinux, but I am uncertain how good the protection against security |
| 31 |
holes in i.e. CS-server would be in contrast with the vserver solution. |
| 32 |
Yet another solution would of course be Xen, but since 3.0 is not yet in |
| 33 |
stable, I don't really think that's a viable solution yet. |
| 34 |
|
| 35 |
I might be missing some possible solution scenarios and would very much |
| 36 |
appreciate advice. Both regarding my ideas so far, and anything I have |
| 37 |
missed. |
| 38 |
|
| 39 |
And no, buying a second server to isolate users on is not an option. |
| 40 |
This is a private server and I am not a rich guy :) |
| 41 |
|
| 42 |
Thanks in advance. |
| 43 |
|
| 44 |
-- |
| 45 |
Anders |
| 46 |
-----BEGIN GEEK CODE BLOCK----- |
| 47 |
Version: 3.12 |
| 48 |
GCS/O d--@ s:+ a-- C++ UL+++$ P++ L+++ E- W+ N(+) o K? w O-- M- V |
| 49 |
PS+ PE@ Y+ PGP+ t 5 X R+ tv+ b++ DI+++ D+ G e- h !r y? |
| 50 |
------END GEEK CODE BLOCK------ |
| 51 |
PGPKey: http://random.sks.keyserver.penguin.de:11371/pks/lookup?op=get&search=0xD4DEFED0 |
| 52 |
-- |
| 53 |
gentoo-security@g.o mailing list |
Archives