jail() House Rock

From: Hans Zaunere (zaunere@yahoo.com)
Date: 09/06/02


Date: Fri, 6 Sep 2002 11:58:14 -0700 (PDT)
From: Hans Zaunere <zaunere@yahoo.com>
To: freebsd-security@freebsd.org


I'm looking to provide jail()'d root access to clients (the virtual
private server bit). I myself have been a client on several of these
setups, and while some are better than others, I often find missing and
broken features - and I've never even looked at it from a security
standpoint.

Aside from the commonly known man pages/handbooks/etc is there a
definitve source for PROPERLY setting one of these systems up?
Something that outlines what features mean decreased security?
Something that outlines proper layout of these systems? Then I can
judge exactly what and what not to offer. I already have a good handle
on security of regular systems, so something specific to the jail()'d
environment would be best, as I'm sure there are some gotchas and such.

Thank you,

Hans

__________________________________________________
Do You Yahoo!?
Yahoo! Finance - Get real-time stock quotes
http://finance.yahoo.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message



Relevant Pages

  • RE: Dhcp security
    ... Setting up a 802.1x wired network requires: ... vendors, including Cisco, provide solutions to ensure that only properly ... trust agent collects security state information from multiple security ... software clients, such as anti-virus clients, and then communicates this ...
    (Focus-Microsoft)
  • Re: [Full-Disclosure] SSH vs. TLS
    ... > frowned upon by network ops and security. ... > - There must be a secure means by which all server keys are distributed to ... > appropriate ssh clients. ... > servers from using expired keys. ...
    (Full-Disclosure)
  • Re: Same source port queries dropped by ServerIron load balancer
    ... It's really not the job of a load balancer or server to force clients to ... use good security practices. ... such that enforcing good security practices is "not my job, man", then ... firewall and load balancer. ...
    (comp.protocols.dns.bind)
  • Re: Same source port queries dropped by ServerIron load balancer
    ... any device that responds to DNS requests. ... It's really not the job of a load balancer or server to force clients to ... use good security practices. ... they can change DNS servers, ...
    (comp.protocols.dns.bind)
  • Re: Shared Win98 Printing in 2003 Mixed Domain
    ... are a lot of security settings - particularly security options in security ... network access:do not allow anonymous access to sam and sam and shares, ... manager authentication level to send ntlmv2 responses only, ... make sure that the W2003 servers are also wins clients. ...
    (microsoft.public.win2000.security)