I've been studying for my RHCSA/RHCE exam; While I have been reading a book on the subject, the primary study technique has been to build a full server at the house, featuring all the software that needs to be configured on the practical exam. I should be VERY ready when I finally walk in to take the exam, probably early next month.
Of course, it hasn't always gone smoothly... I initially built it in VMs on Citrix XenServer, but because each environment needed dedicated system resources, I ran out of RAM rather quickly. Next, I tried putting everything on one install, which seemed to be working alright until I turned on the router/firewall... Then everything inside the network, and everything outside the network worked... But aside from the firewall itself, nothing running on the server was accessible anywhere... I could probably fix it somehow, but from a security perspective, having it set up that way was still wrong.
I am now rebuilding the entire server system on three Linux Containers. Although, before a few days ago, I had never heard of them, so I've been researching them, and eventually on comparisons between them and FreeBSD jails. See, I had been operating on the belief that NetBSD was the Most Secure Operating System Ever™, and FreeBSD, it's close cousin, and it's Jails, MUST be similarly secure; I wondered how Linux Containers compared to that Holy standard.
In this vein, I found this blog post: http://aboutthebsds.wordpress.com/2013/01/13/freebsd-jails-are-a-huge-security-danger/. I was confused by it; How had I come to be so far off base? It occurs to me that IF FreeBSD jails were as good as they claim, then how the hell did the people that broke out of those jails on iOS actually do it? Maybe there's a thread of truth in that post.
I'm still a bit skeptical; I mean, this is a Linux guy bashing BSD... No one is surprised by this. Still, it appears to be well researched... This guy MIGHT know what he's talking about. I have read a lot on the blog now, the latest being this post: http://aboutthebsds.wordpress.com/2013/03/31/bsd-vs-linux/. All of the points make a lot of sense... At least logically. And it REALLY paints a terrifying picture of BSD.
Of course, I'm a Linux guy, so why do I even care about BSD at all? Well, one thing was FreeBSD Jails... But, apparently, they aren't what I ACTUALLY want. Another thing is ZFS; But even while I was writing this post, I was reading this article: http://www.eall.com.br/blog/?p=2481, and that has me rethinking that plan too... I'll have to read more on THAT subject as well.
So I'm building my servers on Linux Containers and (Where necessary), in Linux Kernel-mode Virtual Machines. Hopefully this will give me some reliability against my former problems, and maybe some security bonuses as well!
Friday, December 6, 2013
Subscribe to:
Posts (Atom)