Mailinglist Archive: opensuse-security (138 mails)

Re: [suse-security] Re: Openssh + security
  • From: "Dirk Schreiner" <Dirk.Schreiner@xxxxxxx>
  • Date: Wed, 14 Dec 2005 20:17:34 +0100
  • Message-id: <43A06FCE.3090402@xxxxxxx>
Hi,

Crispin Cowan wrote:
> Dirk Schreiner wrote:
>> Crispin Cowan wrote:
>>
>>> on the gateway machine. The latter is just as horrible for the security
>>> of your firewall as is running X on your firewall. Unless you use
>>> AppArmor :)
>>>
>> Oh,
>> you can chroot apache fairly well.
>>
> True, if you use any of a variety of confinement mechanisms (chroot,
> virtual machines (Xen, VMware, UML), AppArmor, SELinux) then you can
> achieve sufficient confinement of the web server that your firewall
> could be safe enough. The issue is how easy or difficult it is to
> achieve that, and to achieve it correctly because if the confinement has
> holes, then your security is at risk again. Chroot, in particular, has
> issues with being escapable if it is not configured correctly, so be
> careful.
>

I am ;-)

Btw. I don't want to start another discussion thread about
AppArmor.

But if you have a configuration example handy for securing
apache2 on SuSE 10 I would like to give AppArmor a chance.


Dirk

TRIA IT-consulting GmbH
Joseph-Wild-Straße 20
81829 München
Germany
Tel: +49 (89) 92907-0
Fax: +49 (89) 92907-100
http://www.tria.de


Register court: München HRB 113466
VAT ID no. DE 180017238 Tax no. 802/40600
Managing director: Richard Hofbauer
Commercial management: Rosa Igl
--------------------------------------------------------
Message from: Dirk.Schreiner@xxxxxxx
Message to: crispin@xxxxxxxxxx, bruno.cochofel@xxxxxxxxx, suse-security@xxxxxxxx
# Attachments: 0