secure shell system
sjansen at buscaluz.org
Sun Apr 18 17:55:05 MDT 2010
On Sun, 2010-04-18 at 12:24 -0600, Christer Edwards wrote:
> I've been doing some research recently on securing and limiting shell
> access to a server. I thought I would pose the question here.
> Hopefully we'll all get something beneficial out of the discussion,
> and it'll give us a break from name calling on the Net Neutrality
> thread. :P
So, what, you want free consulting? We should just give you our valuable
intellectual property? Marxist!
> What operating system / distribution would you use? Why?
Linux. Duh. It runs on everything, it's highly configurable, and I know
it well. Marxist.
> What would you use to ensure privacy between users (home folders,
> personal files, etc)
If standard unix permissions and FACLs aren't enough, I would use PAM
and/or SELinux. For example, check out Fedora's xguest. We're using
something inspired by it to allow customers to run a graphical app
remotely in a very locked down but useful environment. Marxist.
> What would you use to ensure users don't use too many resources (cpu,
> memory, disk space, etc)
Oh, you know, pam_limit, quotas, cgroups, the usual. Marxist.
> What would your partitioning scheme look like? Why?
/ - Everybody loves root
/tmp - Tighter mount options
/home - Quotas
> What other security/privacy/resource utilities would you implement on
> your system?
Network bandwidth. Storage bandwidth. Marxist.
"XML is like violence: if it doesn't solve your problem, you aren't
using enough of it." - Chris Maden
More information about the PLUG