From: Dirk Schreiner (Dirk.Schreinertria.de)
Date: Wed Dec 14 2005 - 13:17:34 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Crispin Cowan wrote:
> Dirk Schreiner wrote:
>> Crispin Cowan wrote:
>>
>>> on the gateway machine. The latter is just as horrible for the security
>>> of your firewall as is running X on your firewall. Unless you use
>>> AppArmor :)
>>>
>> Oh,
>> you can chroot apache fairly well.
>>
> True, if you use any of a variety of confinement mechanisms (chroot,
> virtual machines (Xen, VMware, UML), AppArmor, SELinux) then you can
> achieve sufficient confinement of the web server that your firewall
> could be safe enough. The issue is how easy or difficult it is to
> achieve that, and to achieve it correctly because if the confinement has
> holes, then your security is at risk again. Chroot, in particular, has
> issues with being escapable if it is not configured correctly, so be
> careful.
>

I am ;-)

Btw. I don`t want to start another discussion thread about
AppArmor.

But if you have an configuration example handy for securing
apache2 on SuSE 10 I would like give AppArmor a chance.

Dirk
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
TRIA IT-consulting GmbH
Joseph-Wild-Straße 20
81829 München
Germany
Tel: +49 (89) 92907-0
Fax: +49 (89) 92907-100
http://www.tria.de
 
 
Registergericht München HRB 113466
USt.-IdNr. DE 180017238 Steuer-Nr. 802/40600
Geschäftsführer: Richard Hofbauer
kaufm. Geschäftsleitung: Rosa Igl--------------------------------------------------------
Nachricht von: Dirk.Schreinertria.de
Nachricht an: crispinnovell.com, bruno.cochofelgmail.com, suse-securitysuse.com
# Dateianhänge: 0
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]