LinuxQuestions.org
Old 01-09-2008, 09:58 PM   #1
jrtayloriv
Using Xen / Jail to Secure a Webserver/Workstation


I am trying to run a personal web server on a computer that will also be used for normal day-to-day use. I know this is not the best security practice, but I don't have an option to buy another computer. I will be running a 2.6 Hardened Kernel with grsecurity && PaX enabled.

I have a few questions about securing this setup:

1) So far I've been looking into using Xen to run three virtual systems -- one with extremely restricted functionality that will be used for the web server, one for system administration, and one for the regular users that contains only programs like openoffice, irssi, Firefox, and an xterm. Is there any reason that this won't work? Is there a better way to go about separating the system into these three roles?

2) Can I set it up so that each of the virtual machines has its own firewall with unique settings? i.e. only allowing the web server VM to take INPUT on port 80, while the desktop VM wouldn't be able to listen on port 80, but could send on it, and the sysadmin VM could only talk on localhost and send rsync traffic, etc.?

3) Within the Xen VM that is set up for the regular users, I was planning on setting up a chroot() environment, using jail, to lock down any network connected applications that they have access to. The only network connected applications that regular users will have access to will be irssi (irc chat), and Mozilla Firefox. Would I benefit from putting these programs inside of a chroot jail? Are there more effective, or additional ways that I could run these applications in a sandboxed environment?


I would also appreciate any other suggestions (even if they aren't related to the questions above) related to running applications in a restricted environment and securing this type of setup. How would you go about it?

Thanks,
jrtayloriv

Last edited by jrtayloriv; 01-11-2008 at 05:40 PM.
 
Old 01-24-2008, 08:33 AM   #2
jrtayloriv
Just wondering if anyone had any ideas regarding this? Bump, that is...
 
  


Tags
apache, chroot, jail, server, xen

