UML Re: [NBLUG/talk] A new colo box (with interesting ideas)

Mark Street jet at sonic.net
Fri Apr 25 08:17:01 PDT 2003


I have been putting UML through the paces quite a bit.  Gone so far as creating 
some of my own images.  Mostly for the courses I teach at the JC.  Right now 
I have RH7.3, RH8.0, RH7.2, Slack8.1, Debian2.2, Debian3.0 images.  For my 
Intro To UNIX students I have been using a Debian2.2 image for general 
exploration and their "users" lab and Knoppix for their filesystems lab.

My plan is to create a whole network of virtual machines that my students can 
access through the net for my new Sys Admin courses at SRJC.  Everyone gets 
their own UML server, which runs as their UID on the system.  All changes 
they make to my read-only UML images in memory can be stored as a file in 
their home directory.  They can return to their saved system by calling UML 
with this filename.

Just make the whole thing a virtual network man!!!!  Don't even allow anyone 
on the "real" box.  Running a shell game on a host doesn't make for a very 
secure box... you should know that jake..... ; )  But on a UML host it would 
not be that bad.....

The only thing I have found is that networking code for UML on the server runs 
SUID root....  I have networking disabled on gracie.....


On Tuesday 22 April 2003 11:17, error wrote:
> The reason for this is that each UML host is a disk image that is
> mounted via the loop back driver.
>
> With loop-aes we can encrypt each image and if the server is ever
> powered off, nothing can be gleaned from it.
>
> Meaning even with physical access, this machine would be hard to hack.
>
> I am looking for suggestions.
>
> Also I will be running a shell company out of one of the UML hosts. If
> one of those UML hosts gets rooted, it would be bad. I plan on using
> something like RSBAC to keep people from being a total jackass on the
> box.
>
> Any input on this?

-- 
Mark Street, D.C.
Red Hat Certified Engineer
Cert# 807302251406074
--
Key fingerprint = 3949 39E4 6317 7C3C 023E  2B1F 6FB3 06E7 D109 56C0
GPG key http://www.streetchiro.com/pubkey.asc
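
The per-student setup described in the message above (shared read-only image, changes kept in a COW file in the student's home directory, networking left off) can be sketched as a launcher check. This is an added example, not part of the original post or of UML itself; it assumes the UML kernel binary is called `linux` and takes `ubd0=<cow file>,<backing file>`, and the paths, file names and memory size are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Paths, names and mem size are hypothetical.

# Succeed only if the shared base image is a regular file with no write bit
# set for anyone. Mode bits are read from ls so the result is the same even
# when the check itself runs as root.
base_is_readonly() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld -- "$1" | cut -c2-10)
    case "$perms" in *w*) return 1 ;; esac
    return 0
}

# Succeed only if the COW file name is a plain file name (no slashes, no
# leading dot) and the resulting path is not a symlink.
cow_name_ok() {
    home=$1; name=$2
    case "$name" in ""|*/*|.*) return 1 ;; esac
    [ ! -L "$home/$name" ]
}

# Print the UML command line for one student: ubd0=<cow>,<backing> keeps all
# writes in the per-user COW file; no eth0= device is configured.
uml_cmdline() {
    base=$1; home=$2; name=$3
    base_is_readonly "$base" || { echo "base image is writable: $base" >&2; return 1; }
    cow_name_ok "$home" "$name" || { echo "bad COW file name: $name" >&2; return 1; }
    printf 'linux ubd0=%s,%s mem=64M\n' "$home/$name" "$base"
}

# Constructed demo: a throwaway directory stands in for the image store and a home.
demo=$(mktemp -d)
mkdir "$demo/home"; : > "$demo/base.img"; chmod 444 "$demo/base.img"
uml_cmdline "$demo/base.img" "$demo/home" debian22.cow
rm -rf "$demo"
```
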



