| 1 |
Another option instead of Xen or SELinux is to set up vservers_, with |
| 2 |
Grsec+Pax. The performance impact is minimal but you still get clean |
| 3 |
and isolated environments for your services. |
| 4 |
|
| 5 |
SELinux gives some additional security indeed but is quite expensive |
| 6 |
to administer -- unless you run only pre-configured packages on your |
| 7 |
server. Once you start running your own software you spend much time |
| 8 |
writing policies. I have run some SELinux servers a while ago and I |
| 9 |
won't do it again unless absolutely necessary. I see the use of |
| 10 |
SELinux mainly in fine-grained control of interactions of human users |
| 11 |
with shell accounts in a high security environment. Servers should |
| 12 |
be as simple as possible, I think. |
| 13 |
|
| 14 |
Regards, |
| 15 |
Hans-Thomas |
| 16 |
|
| 17 |
.. _vservers: http://linux-vserver.org |
| 18 |
|
| 19 |
On Jan 16, 2007, at 1:14 AM, Marek Wróbel wrote: |
| 20 |
|
| 21 |
> In addition to Grsecurity + PAX you can use SELinux. It's main purpose |
| 22 |
> is to separate daemons and minimize privilege escalation in case of |
| 23 |
> buggy daemon. Each daemon has defined role - set of operations it |
| 24 |
> can do |
| 25 |
> (for example files access, network, capabilities etc.). When someone |
| 26 |
> breaks into such daemon he can do only operations allowed in this |
| 27 |
> daemon's role. |
| 28 |
> |
| 29 |
> There is "Reference policy" - standard policy to be used on SELinux |
| 30 |
> systems. I have one server with it and there are no problems. Most |
| 31 |
> commonly used daemons have good policies. Desktop applications have |
| 32 |
> worse policies, but it shouldn't bother you. |
| 33 |
> |
| 34 |
> Regards, |
| 35 |
> Marek Wróbel |
| 36 |
> -- |
| 37 |
> gentoo-hardened@g.o mailing list |
| 38 |
> |
| 39 |
|
| 40 |
-- |
| 41 |
htmue@×××.net |
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
-- |
| 47 |
gentoo-hardened@g.o mailing list |
Archives