Another option instead of Xen or SELinux is to set up vservers_, with
Grsec+Pax. The performance impact is minimal but you still get clean
and isolated environments for your services.
SELinux gives some additional security indeed but is quite expensive
to administer -- unless you run only pre-configured packages on your
server. Once you start running your own software you spend much time
writing policies. I have run some SELinux servers a while ago and I
won't do it again unless absolutely necessary. I see the use of
SELinux mainly in fine-grained control of interactions of human users
with shell accounts in a high security environment. Servers should
be as simple as possible, I think.
Regards,
Hans-Thomas
.. _vservers: http://linux-vserver.org
On Jan 16, 2007, at 1:14 AM, Marek Wróbel wrote:
In addition to Grsecurity + PAX you can use SELinux. It's main purpose
is to separate daemons and minimize privilege escalation in case of
buggy daemon. Each daemon has defined role - set of operations it
can do
(for example files access, network, capabilities etc.). When someone
breaks into such daemon he can do only operations allowed in this
daemon's role.
There is "Reference policy" - standard policy to be used on SELinux
systems. I have one server with it and there are no problems. Most
commonly used daemons have good policies. Desktop applications have
worse policies, but it shouldn't bother you.
Regards,
Marek Wróbel
--
[email protected] mailing list
--
[EMAIL PROTECTED]
--
[email protected] mailing list