Another option instead of Xen or SELinux is to set up vservers_, with Grsec+Pax. The performance impact is minimal but you still get clean and isolated environments for your services.

SELinux gives some additional security indeed but is quite expensive to administer -- unless you run only pre-configured packages on your server. Once you start running your own software you spend much time writing policies. I have run some SELinux servers a while ago and I won't do it again unless absolutely necessary. I see the use of SELinux mainly in fine-grained control of interactions of human users with shell accounts in a high security environment. Servers should be as simple as possible, I think.

Regards,
Hans-Thomas

.. _vservers: http://linux-vserver.org

On Jan 16, 2007, at 1:14 AM, Marek Wróbel wrote:

In addition to Grsecurity + PAX you can use SELinux. It's main purpose
is to separate daemons and minimize privilege escalation in case of
buggy daemon. Each daemon has defined role - set of operations it can do
(for example files access, network, capabilities etc.). When someone
breaks into such daemon he can do only operations allowed in this
daemon's role.

There is "Reference policy" - standard policy to be used on SELinux
systems. I have one server with it and there are no problems. Most
commonly used daemons have good policies. Desktop applications have
worse policies, but it shouldn't bother you.

Regards,
Marek Wróbel
--
[email protected] mailing list


--
[EMAIL PROTECTED]




--
[email protected] mailing list

Reply via email to