| 1 |
Noticed this rather nice HOWTO writeup via the forums: |
| 2 |
http://oss.croup.de/vserver/guide/ |
| 3 |
|
| 4 |
I have been casting around for a little while now on how best to setup a |
| 5 |
part internet facing machine which runs a variety of services like |
| 6 |
apache, postfix, courier-imap, tiny-dns, etc, whilst remaining as secure |
| 7 |
as possible. |
| 8 |
|
| 9 |
Right now the various "secure" options seem to be somewhat orthogonal |
| 10 |
and you have to pick one of the other. I couldn't really fathom |
| 11 |
selinux, grsec seems to be struggling to keep up to date with the latest |
| 12 |
kernels, usermode seems to have some troubles with a hardened kernel |
| 13 |
(and reportedly isn't too speedy in some circumstances?). |
| 14 |
|
| 15 |
So vservers seems to be a relatively poorly discussed alternative? |
| 16 |
Anyone got any thoughts? The link above points to a bug report on |
| 17 |
tweaking the initial stages to handle vservers a little better - is |
| 18 |
there any way to get a bit more interest in merging in the proposed |
| 19 |
changes by stiring up some interest here? |
| 20 |
|
| 21 |
Curious to hear any success/failure stories with vserver, or any other |
| 22 |
success stories on how to handle this problem of a general purpose |
| 23 |
server with some internet facing stuff, but all on a single box. |
| 24 |
|
| 25 |
Thanks |
| 26 |
|
| 27 |
Ed W |
| 28 |
|
| 29 |
-- |
| 30 |
gentoo-hardened@g.o mailing list |
Archives