From: Mark Knecht <markknecht@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Increasing security [WAS: Rooted/compromised Gentoo, seeking advice [Solved?]
Date: Fri, 13 Aug 2010 09:25:49 -0700 [thread overview]
Message-ID: <AANLkTimT-fUKEohbn4M+rp9yd-5FfAzCGiGG4-BCmEAP@mail.gmail.com> (raw)
In-Reply-To: <20100813152553.GB21326@nibiru.local>
On Fri, Aug 13, 2010 at 8:25 AM, Enrico Weigelt <weigelt@metux.de> wrote:
> * Paul Hartman <paul.hartman+gentoo@gmail.com> wrote:
>
> <snip>
>
> Apropos cracked machines:
>
> In recent years I often got trouble w/ cracked customer's boxes
> (one eg. was abused for SIP-calling people around the world and
> asking them for their debit card codes ;-o). So thought about
> protection against those scenarios. The solution:
>
> Put all remotely available services into containers and make the
> host system only accessible via special channels (eg. serial console).
> You can run automatic sanity tests and security alerts from the hosts
> system, which cannot be highjacked (as long as there's no kernel
> bug which allows escaping a container ;-o).
>
> This also brings several other benefits, eg. easier backups, quick
> migration to other machines, etc.
>
>
> cu
Hi Enrico,
Since I'm not an IT guy could you please explain this just a bit
more? What is 'a container'? Is it a chroot running on the same
machine? A different machine? Something completely different?
In the OP's case (I believe) he thought a personal machine at home
was compromised. If that's the case then without doubling my
electrical bill (2 computers) how would I implement your containers?
Thanks,
Mark
next prev parent reply other threads:[~2010-08-13 17:05 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-08-10 6:10 [gentoo-user] Re: Rooted/compromised Gentoo, seeking advice [Solved?] Paul Hartman
2010-08-10 8:47 ` Neil Bothwick
2010-08-13 15:25 ` [gentoo-user] Increasing security [WAS: " Enrico Weigelt
2010-08-13 16:25 ` Mark Knecht [this message]
2010-08-13 17:07 ` Bill Longman
2010-08-13 19:05 ` Enrico Weigelt
2010-08-14 19:32 ` Jarry
2010-08-16 14:16 ` Bill Longman
2010-08-16 15:29 ` Mark Knecht
2010-08-16 16:07 ` Jarry
2010-08-16 16:24 ` Bill Longman
2010-09-10 1:06 ` Enrico Weigelt
2010-08-13 18:58 ` Enrico Weigelt
2010-08-13 19:24 ` Mark Knecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=AANLkTimT-fUKEohbn4M+rp9yd-5FfAzCGiGG4-BCmEAP@mail.gmail.com \
--to=markknecht@gmail.com \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox