Now here is my problem. If you make all of these root jails to contain all the programs they need, you are going to end up with a lot of duplicated programs scattered all over your system. A fully working Apache with Perl and PHP is going to use up about 300 MB of space; times that by the six or so services you want to jail, and that becomes a lot of extra work when it comes time to upgrade them.
I would like to know if there is any way to do this with one image of a root jail system to serve all the jails.
I tried but could not make it work.
On Sun, 2004-05-09 at 15:06, Curtis Sloan wrote:
On Sat May 8 2004 17:50, Roy Souther wrote:
> I just wrote up this html file called ServerDefender that talks about
> how to protect your server if someone gets into it. Let me know what you
> think.
>
> http://llug.linux.ab.ca/Projects/ServerDefender/ServerDefender.html
>
> Roy Souther
> www.SiliconTao.com
>
> Changing the way people do business.

An OK quick-and-dirty layer on top of normal chroot jailing (which should be done anyway). Ideally, this kind of hardened implementation should be done instead using mandatory ACLs and security policy frameworks such as SELinux provides. However, those can require quite a bit of overhead to modify or develop.

Some of the things that this misses out on protecting are the running, available services (including the kernel) by using protections against stack smashing and buffer overflows, etc.

But all-in-all, if you want a quick-and-dirty lock-down, this would do it.

My thoughts,
Curtis
_______________________________________________
clug-talk mailing list
[EMAIL PROTECTED]
http://clug.ca/mailman/listinfo/clug-talk_clug.ca

