Beyond Jeff's suggestions, you may also be interested in the Immutable
Service Container project, which is based upon OpenSolaris and Zones and
integrates many of the core security technologies:

For example, the zone (global and non-global) hardening that is
performed conforms to the Center for Internet Security Guidance
as documented at:


On 1/6/10 10:48 AM, Jeff Victor wrote:
On Wed, Jan 6, 2010 at 8:51 AM, David Browning wrote:
I built an OpenSolaris media server and backup machine for my local network.

At some point I would like to add ampache to my setup. If you are not familiar, 
it is a media server that will stream audio/video to client devices over the 

Obviously this requires that this application be exposed to the big bad world. 
So I would like to isolate this program as much as possible. I'm hoping to 
leverage others' experience and knowledge to figure out which would be the best 
way/approach to do this, so I'm not spinning my wheels down the wrong path.


You might want to read and, which also points to
a Sun BluePrint I co-authored. The blog and BP discuss methods to
harden zones, including preventing an intruder from modifying the OS,
i.e. leaving a Trojan horse behind, and applying resource controls to
minimize DoS attacks.

It's even possible to do both: Zones on VBox, or VBox in a zone: .

Principal Field Technologist
Sun Microsystems, Inc.
zones-discuss mailing list