Re: Security question concerning jail or virtualization

2014-03-14 Thread Артур Истомин
On Fri, Mar 14, 2014 at 03:50:09AM +0100, Martin Braun wrote:
> Hi
>
> I have recently experienced a server being "hacked" due to a security
> problem with a PHP application that made it possible for the "hacker" to
> gain a web shell.
>
> Due to this experience I would like to know what the best

Re: Security question concerning jail or virtualization

2014-03-14 Thread Mr Queue
On Fri, 14 Mar 2014 03:50:09 +0100 Martin Braun wrote:
> Hi
>
> I have recently experienced a server being "hacked" due to a security
> problem with a PHP application that made it possible for the "hacker" to
> gain a web shell.
>
> Due to this experience I would like to know what the best way

Re: Security question concerning jail or virtualization

2014-03-14 Thread shawn wilson
On Fri, Mar 14, 2014 at 4:30 AM, Scott Ferguson wrote: > On 14/03/14 15:51, shawn wilson wrote: >> >> On Mar 14, 2014 12:13 AM, "Brad Alexander" > > wrote: >>> >> > > Due to this experience I would like to know what the best way to >> limit such problems is, espec

Re: Security question concerning jail or virtualization

2014-03-14 Thread Scott Ferguson
On 14/03/14 15:51, shawn wilson wrote: > > On Mar 14, 2014 12:13 AM, "Brad Alexander" > wrote: >> > Due to this experience I would like to know what the best way to > limit such problems is, especially when hosting web servers for users > who may or may not in

Re: Security question concerning jail or virtualization

2014-03-13 Thread shawn wilson
On Mar 14, 2014 12:13 AM, "Brad Alexander" wrote: > >>> >>> Due to this experience I would like to know what the best way to limit such problems is, especially when hosting web servers for users who may or may not have installed insecure applications on the web server. > > > Auditing your security is

Re: Security question concerning jail or virtualization

2014-03-13 Thread Brad Alexander
On Thu, Mar 13, 2014 at 11:39 PM, shawn wilson wrote:
> Well, Linux has LXC which is supposed to be equivalent to jails (also see
> docker). But use whatever suits you.

As are the older-school OpenVZ and Linux VServer technologies.

> Idk what's current for breaking out of VMs. It might be go

Re: Security question concerning jail or virtualization

2014-03-13 Thread Scott Ferguson
On 14/03/14 13:50, Martin Braun wrote:
> Hi
>
> I have recently experienced a server being "hacked" due to a security
> problem with a PHP application that made it possible for the "hacker" to
> gain a web shell.

Has that problem been rectified? If not then virtualization won't solve the problems

Re: Security question concerning jail or virtualization

2014-03-13 Thread shawn wilson
Well, Linux has LXC which is supposed to be equivalent to jails (also see docker). But use whatever suits you. Idk what's current for breaking out of VMs. It might be good to pay attention to who is using the most entropy and make sure you don't run out. Most VMs use processor VT to isolate thin