From: Bill Longman
Date: Mon, 16 Aug 2010 07:16:29 -0700
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Increasing security [WAS: Rooted/compromised Gentoo, seeking advice [Solved?]
Message-ID: <4C69483D.1090705@gmail.com>
In-Reply-To: <4C66EF53.3050701@gmail.com>

On 08/14/2010 12:32 PM, Jarry wrote:
> On 13. 8. 2010 21:05, Enrico Weigelt wrote:
>> * Bill Longman wrote:
>>
>>> Basically just run VMWare/Virtualbox etc and put the services in there.
>>
>> Well, these solutions are way "bigger" (iow: more resource
>> intensive), since they run a complete operating system instance
>> within the virtual machine.
>
> That is why I picked up Linux-VServer (actually, first I tried
> OpenVZ but could not make it run). It is a kind of compromise,
> where all guests share the same kernel. This brings certain
> security implications, but on the other side, I can run dozens
> of guests on a moderate machine, with 4 cores and 8GB memory
> (i.e. a guest running bind takes just about 20MB of memory)...

This looks rather interesting, Jarry. Is it simply a matter of compiling
the vserver-sources and util-vserver? Did it take much time to set up the
kernel for your box? Or is it pretty much a typical kernel setup? Any good
tools in the util-vserver package?

> The only service running on my "host" (main system) is sshd,
> which I secured as much as I could. Everything else (web, mail,
> dns, ftp, syslog, X, and plenty of users' services) runs on its
> own guest-system, chrooted in addition (where it was possible).

Sounds very efficient.

TIA,
Bill
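Added example, not from the thread or from util-vserver: a small shell audit of the arrangement Jarry describes, where the host exposes only sshd and every other service lives in a guest. It assumes `ss -ltnp` output as input and uses a constructed sample rather than a capture from a real machine; the HOST_ALLOWED list is an assumed policy.

```shell
#!/bin/sh
# Added example, not from the thread: audit a host's listening sockets against
# the "only sshd on the host" policy. Everything else is expected to live in
# a guest. Input is assumed to be `ss -ltnp` output (the sample below is
# constructed, not captured from a real machine).

# Process names allowed to listen on the host, space separated (assumption).
HOST_ALLOWED="sshd"

# Constructed ss -ltnp output: sshd is fine, named and apache2 are not.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      128    0.0.0.0:53         0.0.0.0:*         users:(("named",pid=1300,fd=5))
LISTEN 0      511    *:80               *:*               users:(("apache2",pid=1401,fd=4))
EOF
}

# Reads ss -ltnp output on stdin; prints "local_address process" for every
# LISTEN socket whose owning process is not in HOST_ALLOWED.
audit_host_listeners() {
    awk -v allowed="$HOST_ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "LISTEN" { next }                      # also skips the header line
        {
            proc = "unknown"                         # no -p info (e.g. not root)
            if (match($0, /users:\(\("[^"]+"/))
                proc = substr($0, RSTART + 9, RLENGTH - 10)
            if (!(proc in ok)) print $4, proc
        }'
}

# Exit status 0 when the host exposes only allowed services, 1 otherwise.
host_exposure_ok() {
    [ -z "$(audit_host_listeners)" ]
}

# Stand-alone run against the constructed sample (on a live host you would
# pipe `ss -ltnp` in instead).
sample_ss_output | audit_host_listeners
```

Any line printed names a service that, under this policy, should be moved into a guest or stopped on the host.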