1 |
Noticed this rather nice HOWTO writeup via the forums: |
2 |
http://oss.croup.de/vserver/guide/ |
3 |
|
4 |
I have been casting around for a little while now on how best to setup a |
5 |
part internet facing machine which runs a variety of services like |
6 |
apache, postfix, courier-imap, tiny-dns, etc, whilst remaining as secure |
7 |
as possible. |
8 |
|
9 |
Right now the various "secure" options seem to be somewhat orthogonal |
10 |
and you have to pick one of the other. I couldn't really fathom |
11 |
selinux, grsec seems to be struggling to keep up to date with the latest |
12 |
kernels, usermode seems to have some troubles with a hardened kernel |
13 |
(and reportedly isn't too speedy in some circumstances?). |
14 |
|
15 |
So vservers seems to be a relatively poorly discussed alternative? |
16 |
Anyone got any thoughts? The link above points to a bug report on |
17 |
tweaking the initial stages to handle vservers a little better - is |
18 |
there any way to get a bit more interest in merging in the proposed |
19 |
changes by stiring up some interest here? |
20 |
|
21 |
Curious to hear any success/failure stories with vserver, or any other |
22 |
success stories on how to handle this problem of a general purpose |
23 |
server with some internet facing stuff, but all on a single box. |
24 |
|
25 |
Thanks |
26 |
|
27 |
Ed W |
28 |
|
29 |
-- |
30 |
gentoo-hardened@g.o mailing list |