Another option instead of Xen or SELinux is to set up vservers_, with
Grsec+Pax. The performance impact is minimal but you still get clean
and isolated environments for your services.

SELinux gives some additional security indeed but is quite expensive
to administer -- unless you run only pre-configured packages on your
server. Once you start running your own software you spend much time
writing policies. I have run some SELinux servers a while ago and I
won't do it again unless absolutely necessary. I see the use of
SELinux mainly in fine-grained control of interactions of human users
with shell accounts in a high security environment. Servers should
be as simple as possible, I think.

Regards,
Hans-Thomas

.. _vservers: http://linux-vserver.org

On Jan 16, 2007, at 1:14 AM, Marek Wróbel wrote:
> In addition to Grsecurity + PAX you can use SELinux. Its main purpose
> is to separate daemons and minimize privilege escalation in case of
> buggy daemon. Each daemon has defined role - set of operations it
> can do (for example files access, network, capabilities etc.). When
> someone breaks into such daemon he can do only operations allowed in
> this daemon's role.
>
> There is "Reference policy" - standard policy to be used on SELinux
> systems. I have one server with it and there are no problems. Most
> commonly used daemons have good policies. Desktop applications have
> worse policies, but it shouldn't bother you.
>
> Regards,
> Marek Wróbel
> --
> gentoo-hardened@g.o mailing list
>
--
htmue@×××.net

--
gentoo-hardened@g.o mailing list