
User Mode Linux: Maximizing performance, jailing attackers


User Mode Linux (UML) has ideal security features for controlling and jailing hackers once they've taken the sweetened bait of a 'honeypot,' says User Mode Linux author and project architect Jeff Dike. UML can log all terminal traffic to the host in a way that's invisible and impossible to interfere with from inside the UML, unlike Xen and VMware.

Take a tour of UML with Dike as he offers best practices, explains how to boot from an empty jail, talks about jailing attackers and more.

What are some unique issues of server consolidation with User Mode Linux?

Jeff Dike: From my point of view, server consolidation doesn't differ greatly from any other virtualization workload. So, the advantages of UML apply here the same as in other areas.

One aspect of server consolidation that may distinguish it from other virtualization workloads is that the host administrator may not trust the UML administrators. In this case, the UML administrators won't have shell access on the host, and the host administrator will need to decide how they will be allowed to access their UMLs.

The easy solution is to allow only network access. But this will increase the support burden when UML owners make their UMLs inaccessible by misconfiguring their networks. In this case, allowing the equivalent of logging in on a hardwired terminal would be nice, so that the UML admins still have access to their UMLs and can fix the network themselves.

So how should host administrators determine access criteria for UML?
