Working for an ISP in a previous life we used FreeBSD jails. There are
kind-of-similar solutions for linux also (there's actually people in the list
who sell them even).
Good luck.
En un mensaje anterior, Serban Gh. Ghita escribió:
> Hello
>
> I am banging my head on the table every day, because
I am banging my head on the table every day, because i cannot find an
elegant and safe solution to secure a virtual shared environment (server).
Take the following facts:
-you have a virtual server (unix) and you have to take care of a lot of
clients.
...
maybe something like plesk may be useful
ht
comments interspersed below...
Kind Regards,
-dsp
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Behalf Of Serban Gh. Ghita
> Sent: Tuesday, March 30, 2004 4:05 AM
> To: [EMAIL PROTECTED]
> Subject: [SC-L] virtual server - security
>
>
> Hello
>
> I am banging
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> comments interspersed below...
likewise.
> What's the point of the exercise if you're passing plaintext passwords
> across on port 21? At the very least, mandate SCP/SFTP on port 22.
yes because having a remote exploit every month or two for
ro
I wrote an article for USENIX :login; on FreeBSD jails a couple years ago.
It describes their capabilities and why you might want to use them.
http://www.usenix.org/publications/login/2002-06/pdfs/hope.pdf
I don't think you have to be a member to get that publication online, now
that the article i
You might also consider one of the IPS products (e.g., Okena/Cisco,
Entercept/NAI, or PlatformLogic), all of which will allow you to constrain
what happens and may be somewhat more scalable than VMware if you need
to run a bunch of instances of the virtual environment.
> -Original Message-
Tuesday 30 March 2004 11.05, Serban Gh. Ghita:
> What are the options here. Any paper or book written about
> this?
su-wrapped MODPHP: http://www.suphp.org/Home.html
(CGI is done via suexec)
Even UML might be a Solution for you, if you have enough
ressources.
hth
On 3/31/04 10:05 AM, "Jeremy Epstein" <[EMAIL PROTECTED]> wrote:
> You might also consider one of the IPS products (e.g., Okena/Cisco,
> Entercept/NAI, or PlatformLogic), all of which will allow you to constrain
> what happens and may be somewhat more scalable than VMware if you need
> to run a
a few notes..
> -Original Message-
> From: jnf [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, March 31, 2004 11:23 AM
> To: Dave Paris
> Cc: Serban Gh. Ghita; [EMAIL PROTECTED]
> Subject: RE: [SC-L] virtual server - security
[...]
> > What's the point of the exercise if you're passing plaint