User Mode Linux: Maximizing performance, jailing attackers

User Mode Linux (UML) has ideal security features for controlling and jailing hackers once they've taken the sweetened bait of a 'honeypot,' says User Mode Linux author and project architect Jeff Dike. UML can log all terminal traffic to the host in a way that's invisible and impossible to interfere with from inside the UML, unlike Xen and VMware.

Take a tour of UML with Dike as he offers best practices, explains how to boot from an empty jail, talks about jailing attackers and more.

What are some unique issues of server consolidation with User Mode Linux?

Jeff Dike: From my point of view, server consolidation doesn't differ greatly from any other virtualization workload. So, the advantages of UML apply here the same as in other areas.

One aspect of server consolidation that may distinguish it from other virtualization workloads is that the host administrator may not trust the UML administrators. In this case, the UML administrators won't have shell access on the host, and the host administrator will need to decide how they will be allowed to access their UMLs.

The easy solution is to allow only network access. But this will increase the support burden when UML owners make their UMLs inaccessible by misconfiguring their networks. In this case, allowing the equivalent of logging in on a hardwired terminal would be nice, so that the UML admins still have access to their UMLs and can fix the network themselves.

So how should host administrators determine access criteria for UML?
