I don't know the answer to that. However, considering the vector of attack you're envisioning, a chroot jail for Apache Mysql might be the way to go. For example:
http://www.cyberciti.biz/tips/chroot-apache-under-rhel-fedora-centos-linux.html Might be something you'd want to consider anyway, if these things are sitting on a public network. On Mon, Jul 25, 2011 at 2:33 PM, Jonathan Bayer <[email protected]> wrote: > Hi, > > Has anyone ever had to secure a KVM VM to prevent anybody who has root on > the VM to get out? > > I've heard that it is possible to totally lock down the network, but would > like to speak to someone who has done this. > > The assumption that I will have to work under is that a hacker/cracker > breaks through whatever security is in the VM (probably running Apache & > mysql), and will have full access to the VM. I'll need to prevent him from > getting on to the host system or anywhere else on the networks. > > > JBB > _______________________________________________ > Discuss mailing list > [email protected] > https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss > This list provided by the League of Professional System Administrators > http://lopsa.org/ > _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
