1 |
Hi all, |
2 |
|
3 |
I co-admin 2 servers running x86_64 gentoo installs. Due to not updating |
4 |
the servers for a longer period, there were several major security |
5 |
issues which at least allowed for someone to run a ftp server on it |
6 |
without me knowing about it. |
7 |
|
8 |
Because a lot of stuff is still outdated and this was the first install |
9 |
for the servers I want to reinstall them, again using gentoo. My own |
10 |
idea was to isolate the web and mail-server in Xen virtual machines, so |
11 |
that if someone's ever able to get in they can only bring down a small |
12 |
part, which can easily be restored. |
13 |
|
14 |
Now my question is, would this be a good way to at least partly secure |
15 |
the machine? Or should I use something from the hardened depot to |
16 |
increase the security levels on these servers? The problem now was that |
17 |
one program had a bug in it which could even give remote users root |
18 |
access to the entire machine, which could've also caused loss of data |
19 |
the program was not related to. By isolating in Xen domains this problem |
20 |
is partly solved, but it does also bring a few other problems along. |
21 |
|
22 |
I hope someone that has had or is avoiding these same problems can shed |
23 |
some light on it... |
24 |
Greetings, |
25 |
|
26 |
Michael |
27 |
|
28 |
-- |
29 |
gentoo-hardened@g.o mailing list |