Language Selection

English French German Italian Portuguese Spanish

User Mode Linux: Maximizing performance, jailing attackers

Filed under
Interviews

User Mode Linux (UML)has ideal security features for controlling and jailing hackers once they've taken the sweetened bait of a 'honeypot,' says User Mode Linuxauthor and project architect Jeff Dike. UML can log all terminal traffic to the host in a way that's invisible and impossible to interfere with from inside the UML unlike Xen and VMware.

Take a tour of UML with Dike as he offers best practices, explains how to boot from an empty jail, talks about jailing attackers and more.

What are some unique issues of server consolidation with User Mode Linux?

Jeff Dike: From my point of view, server consolidation doesn't differ greatly from any other virtualization workload. So, the advantages of UML apply here the same as in other areas.

One aspect of server consolidation that may distinguish it from other virtualization workloads is that the host administrator may not trust the UML administrators. In this case, the UML administrators won't have shell access on the host, and the host administrator will need to decide how they will be allowed to access their UMLs.

The easy solution is to allow only network access. But this will increase the support burden when UML owners make their UMLs inaccessible by misconfiguring their networks. In this case, allowing the equivalent of logging in on a hardwired terminal would be nice, so that the UML admins still have access to their UMLs and can fix the network themselves.

So how should host administrators determine access criteria for UML?

Full Story.

More in Tux Machines

Bad Saved Games, Fedora Scheduling, and Scribbling

In tonight's Linux news, GamingOnLinux.com poster says "game saves are messing up our drives" - stop it! Phoronix.com is reporting on discussions of changing Fedora release schedule. Jack Germain says Scribbleton creates a personal local wiki to store anything from notes to books and Opera 25 draws near. Read more

Musique for Linux Review – A Minimalistic Player for You and Your Music

Musique is a minimalistic music player for the Linux platform that features a simple and clean interface. It's not like there is a lack of open source music players, so we've decided to see if this one is any good. Read more

CentOS 5.11 Officially Released, Probably the Last One in the Series

As you all know already, CentOS is an Enterprise-class Linux Distribution derived from sources provided by Red Hat. This is the eleventh update for the distribution and probably the last one. It features all the packages from all variants, including Server and Client, and the upstream repositories have been merged into a single one. Red Hat announced less than a month ago the release of their last update for Red Hat Enterprise Linux, 5.11. It stands to reason that CentOS 5.11 will also be the last update in the series. Read more

England's Healthwatch switches to open source CRM

England's Healthwatch organisations are now using CiviCRM, an open source solution for customer relationship management. "Open source affords access to a wide community of developers, which means that the software continues to develop and security updates and bug fixes are regularly rolled out", explains Tim Schofield, the organisation's interim systems manager. Read more