Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
Using Xen / Jail to Secure a Webserver/Workstation
I am trying to run a personal web server on a computer that will also be used for normal day-to-day use. I know this is not the best security practice, but I don't have an option to buy another computer. I will be running a 2.6 Hardened Kernel with grsecurity && Pax enabled.
I have a few questions about securing this setup:
1) So far I've been looking into using Xen to run three virtual systems -- one with extremely restricted functionality that will be used for the web server, one for system administration, and one for the regular users that contains only programs like openoffice, irssi, Firefox, and an xterm. Is there any reason that this won't work? Is there a better way to go about separating the system into these three roles.
2) Can I set it up so that each of the virtual machines has it's own firewall with unique settings? i.e. only allowing the web server VM to take INPUT on port 80, while the desktop VM wouldn't be able to listen on port 80, but could send on it, and the sysadmin VM could only talk on localhost and send rsync traffic etc?
3) Within the Xen VM that is set up for the regular users, I was planning on setting up a chroot() environment, using jail, to lock down any network connected applications that they have access to. The only network connected applications that regular users will have access to will be irssi (irc chat), and Mozilla Firefox. Would I benefit from putting these programs inside of a chroot jail? Are there more effective, or additional ways that I could run these applications in a sandboxed environment?
I would also appreciate any other suggestions (even if they aren't related to the questions above) related to running applications in a restricted environment and securing this type of setup. How would you go about it?
Last edited by jrtayloriv; 01-11-2008 at 04:40 PM.