From: Bill Longman <bill.longman@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Increasing security [WAS: Rooted/compromised Gentoo, seeking advice [Solved?]
Date: Fri, 13 Aug 2010 10:07:22 -0700 [thread overview]
Message-ID: <4C657BCA.9000703@gmail.com> (raw)
In-Reply-To: <AANLkTimT-fUKEohbn4M+rp9yd-5FfAzCGiGG4-BCmEAP@mail.gmail.com>
On 08/13/2010 09:25 AM, Mark Knecht wrote:
> On Fri, Aug 13, 2010 at 8:25 AM, Enrico Weigelt <weigelt@metux.de> wrote:
>> * Paul Hartman <paul.hartman+gentoo@gmail.com> wrote:
>>
>> <snip>
>>
>> Apropos cracked machines:
>>
>> In recent years I often got trouble w/ cracked customer's boxes
>> (one eg. was abused for SIP-calling people around the world and
>> asking them for their debit card codes ;-o). So thought about
>> protection against those scenarios. The solution:
>>
>> Put all remotely available services into containers and make the
>> host system only accessible via special channels (eg. serial console).
>> You can run automatic sanity tests and security alerts from the hosts
>> system, which cannot be highjacked (as long as there's no kernel
>> bug which allows escaping a container ;-o).
>>
>> This also brings several other benefits, eg. easier backups, quick
>> migration to other machines, etc.
>>
>>
>> cu
>
> Hi Enrico,
> Since I'm not an IT guy could you please explain this just a bit
> more? What is 'a container'? Is it a chroot running on the same
> machine? A different machine? Something completely different?
>
> In the OP's case (I believe) he thought a personal machine at home
> was compromised. If that's the case then without doubling my
> electrical bill (2 computers) how would I implement your containers?
Basically just run VMWare/Virtualbox etc and put the services in there.
That's why I force my kids to use IE in a VM....
No, chroots are NOT the same. They run on the same system.
next prev parent reply other threads:[~2010-08-13 17:09 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-08-10 6:10 [gentoo-user] Re: Rooted/compromised Gentoo, seeking advice [Solved?] Paul Hartman
2010-08-10 8:47 ` Neil Bothwick
2010-08-13 15:25 ` [gentoo-user] Increasing security [WAS: " Enrico Weigelt
2010-08-13 16:25 ` Mark Knecht
2010-08-13 17:07 ` Bill Longman [this message]
2010-08-13 19:05 ` Enrico Weigelt
2010-08-14 19:32 ` Jarry
2010-08-16 14:16 ` Bill Longman
2010-08-16 15:29 ` Mark Knecht
2010-08-16 16:07 ` Jarry
2010-08-16 16:24 ` Bill Longman
2010-09-10 1:06 ` Enrico Weigelt
2010-08-13 18:58 ` Enrico Weigelt
2010-08-13 19:24 ` Mark Knecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C657BCA.9000703@gmail.com \
--to=bill.longman@gmail.com \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox