
User Mode Linux: Maximizing performance, jailing attackers


User Mode Linux (UML) has ideal security features for controlling and jailing hackers once they've taken the sweetened bait of a 'honeypot,' says User Mode Linux author and project architect Jeff Dike. Unlike Xen and VMware, UML can log all terminal traffic to the host in a way that's invisible and impossible to interfere with from inside the UML.

Take a tour of UML with Dike as he offers best practices, explains how to boot from an empty jail, talks about jailing attackers and more.

What are some unique issues of server consolidation with User Mode Linux?

Jeff Dike: From my point of view, server consolidation doesn't differ greatly from any other virtualization workload. So, the advantages of UML apply here the same as in other areas.

One aspect of server consolidation that may distinguish it from other virtualization workloads is that the host administrator may not trust the UML administrators. In this case, the UML administrators won't have shell access on the host, and the host administrator will need to decide how they will be allowed to access their UMLs.

The easy solution is to allow only network access. But this will increase the support burden when UML owners make their UMLs inaccessible by misconfiguring their networks. In this case, allowing the equivalent of logging in on a hardwired terminal would be nice, so that the UML admins still have access to their UMLs and can fix the network themselves.

So how should host administrators determine access criteria for UML?

