Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 01-09-2008, 09:58 PM   #1
Registered: Jun 2004
Location: Inland NW, US
Distribution: Ubuntu
Posts: 365
Blog Entries: 1

Rep: Reputation: 44
Using Xen / Jail to Secure a Webserver/Workstation

I am trying to run a personal web server on a computer that will also be used for normal day-to-day use. I know this is not the best security practice, but I don't have an option to buy another computer. I will be running a 2.6 Hardened Kernel with grsecurity && Pax enabled.

I have a few questions about securing this setup:

1) So far I've been looking into using Xen to run three virtual systems -- one with extremely restricted functionality that will be used for the web server, one for system administration, and one for the regular users that contains only programs like openoffice, irssi, Firefox, and an xterm. Is there any reason that this won't work? Is there a better way to go about separating the system into these three roles.

2) Can I set it up so that each of the virtual machines has it's own firewall with unique settings? i.e. only allowing the web server VM to take INPUT on port 80, while the desktop VM wouldn't be able to listen on port 80, but could send on it, and the sysadmin VM could only talk on localhost and send rsync traffic etc?

3) Within the Xen VM that is set up for the regular users, I was planning on setting up a chroot() environment, using jail, to lock down any network connected applications that they have access to. The only network connected applications that regular users will have access to will be irssi (irc chat), and Mozilla Firefox. Would I benefit from putting these programs inside of a chroot jail? Are there more effective, or additional ways that I could run these applications in a sandboxed environment?

I would also appreciate any other suggestions (even if they aren't related to the questions above) related to running applications in a restricted environment and securing this type of setup. How would you go about it?


Last edited by jrtayloriv; 01-11-2008 at 05:40 PM.
Old 01-24-2008, 08:33 AM   #2
Registered: Jun 2004
Location: Inland NW, US
Distribution: Ubuntu
Posts: 365
Blog Entries: 1

Original Poster
Rep: Reputation: 44
Just wondering if anyone had any ideas regarding this? Bump, that is...


apache, chroot, jail, server, xen

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Questions on securing my system by a newbie Michael_aust Linux - Security 8 04-27-2006 07:29 PM
iptables questions for a vpn with fc3 workstation rchristophe Linux - Newbie 1 06-25-2005 08:02 AM
Questions about securing Apache Lleb_KCir Linux - Security 6 04-07-2004 10:41 AM
Securing a companies Webserver darookee Linux - Security 1 10-01-2002 08:02 AM
How to install Webserver on RH 7.2 "workstation" ? salman Linux - Software 1 12-29-2001 07:27 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:30 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration