From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Sat 17 Jan 2004 - 05:25:20 GMT
Hi Folks!
a short overview of what should be considered regarding
linux-vserver security and stability:
security:
 - do not enable features you do not need
 - do not give linux capabilities to vservers
   without really good reason
 - do not run services on the host, except for
   the minimal set (sshd, ntpd, syslog)
 - make sure that the 000 barrier is there
   and working 
 - do not use local loopback inside a vserver
 - make sure your /proc entries are restricted
 - try to follow security fixes (kernel)
stability:
 - do not enable SMP in kernel used on single
   processor machines (unless Xeon/P4 HT)
 - do not select kernel features/drivers your
   hardware doesn't need
 - avoid preemption
 - do not run services on the host, except for
   the minimal set (sshd, ntpd, syslog)
 - avoid cronjobs starting on all servers at
   once (smart daily cron rotation)
 - do not use experimental or development 
   kernels/patches unless you absolutely need
   the provided features 
HTH,
Herbert
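
Added example (not part of the original post, and not linux-vserver project code): a host-side check for two items on the list above, the 000 barrier and the minimal host service set. It assumes the "000 barrier" means mode 000 on the directory that holds the vserver roots, that listener data comes from `ss -H -lntup`, and that "syslogd" is the syslog daemon's process name; the sample lines are constructed.

```shell
#!/bin/sh
# Added example: two host-side checks from the checklist above.
# Assumptions (not from the post): the directory given to barrier_ok is the
# parent of the vserver roots; listener lines are `ss -H -lntup` output.

# Minimal host service set named in the post; "syslogd" stands in for "syslog".
ALLOWED="sshd ntpd syslogd"

# barrier_ok DIR: succeed only if DIR is a directory whose mode is exactly 000.
# This checks the permission bits only, not that the barrier actually holds.
barrier_ok() {
    [ -d "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c1-10)
    [ "$perms" = "d---------" ]
}

# unexpected_listeners: read `ss -H -lntup` lines on stdin and print every
# listening program name that is not in $ALLOWED (sorted, one per line).
unexpected_listeners() {
    sed -n 's/.*users:(("\([^"]*\)".*/\1/p' | sort -u | while read -r name; do
        case " $ALLOWED " in
            *" $name "*) ;;                 # part of the minimal set
            *) printf '%s\n' "$name" ;;     # should move into a vserver
        esac
    done
}

# Constructed sample: a host that also runs a web server outside any vserver.
SAMPLE='tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
udp UNCONN 0 0 0.0.0.0:123 0.0.0.0:* users:(("ntpd",pid=640,fd=16))
udp UNCONN 0 0 0.0.0.0:514 0.0.0.0:* users:(("syslogd",pid=501,fd=5))
tcp LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("httpd",pid=1440,fd=4),("httpd",pid=1441,fd=4))'

# audit_sample: run the listener check over the constructed sample.
audit_sample() { printf '%s\n' "$SAMPLE" | unexpected_listeners; }
```

On a real host, pipe `ss -H -lntup` (run as root so program names are shown) into `unexpected_listeners` and pass the vserver parent directory to `barrier_ok`.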