* Paul Hartman <paul.hartman+gen...@gmail.com> wrote: <snip>
Apropos cracked machines:

In recent years I often got trouble w/ cracked customers' boxes (one eg. was abused for SIP-calling people around the world and asking them for their debit card codes ;-o). So I thought about protection against those scenarios.

The solution: Put all remotely available services into containers and make the host system only accessible via special channels (eg. serial console). You can run automatic sanity tests and security alerts from the host system, which cannot be hijacked (as long as there's no kernel bug which allows escaping a container ;-o).

This also brings several other benefits, eg. easier backups, quick migration to other machines, etc.

cu
--
----------------------------------------------------------------------
 Enrico Weigelt, metux IT service -- http://www.metux.de/

 phone:  +49 36207 519931  email: weig...@metux.de
 mobile: +49 151 27565287  icq:   210169427         skype: nekrad666
----------------------------------------------------------------------
 Embedded Linux / Porting / Open-source QM / Distributed systems
----------------------------------------------------------------------
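A host-side sanity test of the kind the message describes, as an added example that is not part of the original post: it fingerprints a container's root filesystem from the host and reports drift against a baseline kept outside the container. It assumes the rootfs is a plain directory readable from the host; the function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(rootfs):
    """Fingerprint every file under a container rootfs, as seen from the host."""
    seen = {}
    for dirpath, dirnames, filenames in os.walk(rootfs):  # symlinks are not followed
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, rootfs)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                # Record only the link text: a symlink planted inside the
                # container must never make the host open a host-side file.
                seen[rel] = "link:" + os.readlink(full)
            elif stat.S_ISREG(st.st_mode):
                digest = hashlib.sha256()
                fd = os.open(full, os.O_RDONLY | os.O_NOFOLLOW)
                with os.fdopen(fd, "rb") as f:
                    for chunk in iter(lambda: f.read(65536), b""):
                        digest.update(chunk)
                # Mode bits are included so a new setuid bit counts as a change.
                seen[rel] = "file:%o:%s" % (stat.S_IMODE(st.st_mode), digest.hexdigest())
    return seen

def diff(baseline, current):
    """Compare a trusted baseline (kept on the host) with a fresh snapshot."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
    }

def demo():
    """Constructed rootfs: take a baseline, simulate tampering, report drift."""
    with tempfile.TemporaryDirectory() as rootfs:
        os.makedirs(os.path.join(rootfs, "usr/bin"))
        target = os.path.join(rootfs, "usr/bin/daemon")
        with open(target, "wb") as f:
            f.write(b"original binary")
        baseline = snapshot(rootfs)
        with open(target, "wb") as f:
            f.write(b"replaced binary")
        os.symlink("/etc/hostname", os.path.join(rootfs, "usr/bin/extra"))
        return diff(baseline, snapshot(rootfs))

if __name__ == "__main__":
    print(demo())
```

Because both the checker and the baseline live on the host, a process confined to the container can alter the files being checked but not the check itself.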