4 Apr 2012, 12:36 p.m.
On Tue, 3 Apr 2012 18:10:12 -0400 Kaiting Chen wrote:
> Yeah, run each service as an unprivileged user and you should be fine. If security is very critical then run something like SELinux or a similar RBAC system.
If you don't mind compiling a kernel, grsecurity and its accompanying RBAC, or using RSBAC instead, are even better than SELinux. RSBAC will cost you the most time. Grsecurity's RBAC has a learning mode but won't let you selectively apply it, as the author sees that as a false sense of security. OpenBSD is my favourite option for servers, but not for NFSv4. Do you need file locking, or can you use something like sftp (SSH file transfer)?