Re: Security question concerning jail or virtualization

To: debian-user@lists.debian.org
Subject: Re: Security question concerning jail or virtualization
From: Артур Истомин <art.istom@yandex.ru>
Date: Fri, 14 Mar 2014 17:29:05 +0000
Message-id: <[🔎] 20140314172905.GA9135@localhost>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] CAFNm86R87Tt6iHeQnwfgyTeShGAOuKTqmPKAZ1WiBzJ=Cm+fiQ@mail.gmail.com>
References: <[🔎] CAFNm86R87Tt6iHeQnwfgyTeShGAOuKTqmPKAZ1WiBzJ=Cm+fiQ@mail.gmail.com>

On Fri, Mar 14, 2014 at 03:50:09AM +0100, Martin Braun wrote:
> Hi
> 
> I have recently experienced a server being "hacked" due to a security
> problem with a PHP application that made it possible for the "hacker" to
> gain a web shell.
> 
> Due to this experience I would like to know what the best way to limit such
> problems is, especially when hosting web servers for users who may or may
> not installed unsecure applications on the web server.
> 
> What does the big hosters do? What do they use?
> 
> The solution can't be too complecated to maintain and I would prefer each
> user being completely seperated from the main OS and from other users.
> 
> I have been thinking about running Debian inside FreeBSD Jails or "The
> Warden". I have also been thinking about using Xen and installing several
> Debians on Debian.

Nginx/Apache on OpenBSD runs in chroot. I think it is wise to see how
they doing that.

Reply to:

References:
- Security question concerning jail or virtualization
  - From: Martin Braun <yellowgoldmine@gmail.com>

Prev by Date: Re: On what is helpful and what is not [was: Re: Wifi]
Next by Date: Re: CUPS Zebra EPL2 driver through Iceweasel or Evince
Previous by thread: Re: Security question concerning jail or virtualization
Next by thread: DPMS Xset Blank Screen
Index(es):
- Date
- Thread