Hi all,

I co-admin 2 servers running x86_64 gentoo installs. Due to not updating
the servers for a longer period, there were several major security
issues which at least allowed for someone to run a ftp server on it
without me knowing about it.

Because a lot of stuff is still outdated and this was the first install
for the servers I want to reinstall them, again using gentoo. My own
idea was to isolate the web and mail-server in Xen virtual machines, so
that if someone's ever able to get in they can only bring down a small
part, which can easily be restored.

Now my question is, would this be a good way to at least partly secure
the machine? Or should I use something from the hardened depot to
increase the security levels on these servers? The problem now was that
one program had a bug in it which could even give remote users root
access to the entire machine, which could've also caused loss of data
the program was not related to. By isolating in Xen domains this problem
is partly solved, but it does also bring a few other problems along.

I hope someone that has had or is avoiding these same problems can shed
some light on it...
Greetings,

Michael

-- 
[email protected] mailing list

Reply via email to