I'm looking at building a hosting service to host a couple services. It's a games deal, so users will need to log in and compile their code etc. What sorts of mechenisms should I put in place to keep them from launching outbound connections within limitations and resources? Is that all I'd need to worry about?
also, would there be a way to limit them to x number of inbound ports?
Depends on your OS.
http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
that's one way
basically the only kind of way to limit is block system calls
linux has something similar as well i think
the other way is to have virtual code rather than real code
like a c interpreter
Linux has SELinux and Apparmor
not that I have any extensive experience with either
but I'm told OpenSuSE has a solid default Apparmor install
just updated my vps to fbsd 9.1-RELEASE :)
oooh 9.1-release is out? spiffy
ugh - that means 8.3 is probably eol'ed, and it's time for me to update everything
oh it's not officially built according to http://www.freebsd.org/releases/9.1R/schedule.html
brycec: its on the mirrors already
still gotta go through secteam :/
i think there'll be a freebsd 8.4 randal
or maybe not
google says they don't have enough manpower
someone had idea of kickstarter project
hmm. I'm using freebsd, but I'm thinking I might just need to do some traffic inspection.
that would be easier than trying to log everything.
My main concern is, I have 3 users. user1 compiles a program and runs a DOS against someone else and I get an abuse report. I need to handle it, but I need to track the user that did it.
hmm
freebsd or openbsd...
openbsd
why
what makes openbsd's shit smell sweeter?
that is a rather silly question
what is this for?
it contains itself
it's not randomly disobedient
what is what for? i want a bsd box for fuckin' around on.
perl, irc. etc.
randomly disobedient?
openbsd has better man pages, is more consistent, less crap in the base install
what?
and higher quality standards
that said there are less knobs.
well he was talking about shitting
so i thought of dogs
why has a user on irc automatically got to be male? (:
because english doesn't have a gender-neutral pronoun
there's a generally accepted gender neutral pronoun.
'ze'
ze/zir, etc
first time i've heard of that
well, now you know. (:
tell your friends.
hm
a cursory glace at some internet sources point to a focus on security first
i like this.
are you a feminist dr_jkl?
cos it seems strange to go on a tirade like that randomly
tirade? hardly. i was simply passing on some info
like a 'hey, didja know...'