Vserver: secure mails from a hacked webservice

Posted by lukas on Server Fault
Published on 2011-01-30T11:09:15Z Indexed on 2012/10/31 5:08 UTC

I plan to rent and set up a vServer with Debian xor CentOS. I know from my host that the vServers are virtualized with linux-vserver.

Assume there is a lighttpd and some mail transfer agent running, and we have to ensure that if the lighttpd is hacked, the stored e-mails are not easily readable.

To me, this sounds impossible, but maybe I missed something, or at least you guys can validate the impossibility... :)

I think basically there are three obvious approaches.

The first is to encrypt all the data. Nevertheless, the server would have to store the key somewhere, so an attacker (w|c)ould figure that out.

Secondly, one could isolate the critical services like lighttpd. Since I am not allowed to do 'mknod' or remount /dev in a linux-vserver, it is not possible to set up a nested vServer with lxc or similar techniques.

The last approach would be to do a chroot, but I am not sure if it would provide enough security. Furthermore, I have not yet tried whether I am able to do a chroot in a linux-vserver...?

Thanks in advance!

© Server Fault or respective owner