Hi Folks! a short overview what should be considered regarding linux-vserver security and stability:
security: - do not enable features you do not need - do not give linux capabilities to vservers without really good reason - do not run services on the host, except for the minimal set (sshd, ntpd, syslog) - make sure that the 000 barrier is there and working - do not use local loopback inside a vserver - make sure your /proc entries are restricted - try to follow security fixes (kernel) stability: - do not enable SMP in kernel used on single processor machines (unless Xeon/P4 HT) - do not select kernel features/drivers your hardware doesn't need - avoid preemption - do not run services on the host, except for the minimal set (sshd, ntpd, syslog) - avoid cronjobs starting on all servers at once (smart daily cron rotation) - do not use experimental or development kernels/patches unless you absolutely need the provided features HTH, Herbert _______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
