From: Jarry
Date: Sat, 14 Aug 2010 21:32:35 +0200
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Increasing security [WAS: Rooted/compromised Gentoo, seeking advice [Solved?]
Message-ID: <4C66EF53.3050701@gmail.com>
In-Reply-To: <20100813190533.GB26738@nibiru.local>

On 13. 8. 2010 21:05, Enrico Weigelt wrote:
> * Bill Longman wrote:
>
>> Basically just run VMWare/Virtualbox etc and put the services in there.
>
> well, these solutions are way "bigger" (iow: more resource
> intensive), since they run a complete operating system instance
> within the virtual machine.

That is why I picked up Linux-VServer (actually, first I tried
OpenVZ but could not make it run). It is a kind of compromise,
where all guests share the same kernel. This brings certain
security implications, but on the other side, I can run dozens
of guests on a moderate machine with 4 cores and 8GB memory
(i.e. a guest running bind takes just about 20MB of memory)...

The only service running on my "host" (main system) is sshd,
which I secured as much as I could. Everything else (web, mail,
dns, ftp, syslog, X, and plenty of users' services) runs on
its own guest-system, chrooted in addition (where it was possible).

Jarry

-- 
_______________________________________________________________
This mailbox accepts e-mails only from selected mailing-lists!
Everything else is considered to be spam and therefore deleted.