From: Enrico Weigelt <weigelt@metux.de>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Increasing security [WAS: Rooted/compromised Gentoo, seeking advice [Solved?]
Date: Fri, 10 Sep 2010 03:06:24 +0200 [thread overview]
Message-ID: <20100910010624.GF8209@nibiru.local> (raw)
In-Reply-To: <4C66EF53.3050701@gmail.com>
* Jarry <mr.jarry@gmail.com> wrote:
> The only service running on my "host" (main system) is sshd,
> which I secured as much as I could.
If you have some physical access (eg. serial console), you
could even drop sshd (or only bind it to some local interface)
to get around possible ssh attacks. That's what I'm doing on
several machines.
> Everything else (web, mail, dns, ftp, syslog, X, and plenty of
> users' services) runs on its own guest-system, chrooted in
> addition (where it was possible).
Yes, that's also my approach.
BTW: I'm currently trying to convice one of my customers - an
major German ISP - to provide a generic solution for such kind
of environments: customers can allocate and configure containers
at will (also via robot interfaces), and the ISP takes care of
the cluster of host machines ... maybe I get the leading product
managers convinced some day ;-)
cu
--
----------------------------------------------------------------------
Enrico Weigelt, metux IT service -- http://www.metux.de/
phone: +49 36207 519931 email: weigelt@metux.de
mobile: +49 151 27565287 icq: 210169427 skype: nekrad666
----------------------------------------------------------------------
Embedded-Linux / Portierung / Opensource-QM / Verteilte Systeme
----------------------------------------------------------------------
next prev parent reply other threads:[~2010-09-10 1:16 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-08-10 6:10 [gentoo-user] Re: Rooted/compromised Gentoo, seeking advice [Solved?] Paul Hartman
2010-08-10 8:47 ` Neil Bothwick
2010-08-13 15:25 ` [gentoo-user] Increasing security [WAS: " Enrico Weigelt
2010-08-13 16:25 ` Mark Knecht
2010-08-13 17:07 ` Bill Longman
2010-08-13 19:05 ` Enrico Weigelt
2010-08-14 19:32 ` Jarry
2010-08-16 14:16 ` Bill Longman
2010-08-16 15:29 ` Mark Knecht
2010-08-16 16:07 ` Jarry
2010-08-16 16:24 ` Bill Longman
2010-09-10 1:06 ` Enrico Weigelt [this message]
2010-08-13 18:58 ` Enrico Weigelt
2010-08-13 19:24 ` Mark Knecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100910010624.GF8209@nibiru.local \
--to=weigelt@metux.de \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox