Language Selection

English French German Italian Portuguese Spanish

User Mode Linux: Maximizing performance, jailing attackers

Filed under

User Mode Linux (UML)has ideal security features for controlling and jailing hackers once they've taken the sweetened bait of a 'honeypot,' says User Mode Linuxauthor and project architect Jeff Dike. UML can log all terminal traffic to the host in a way that's invisible and impossible to interfere with from inside the UML unlike Xen and VMware.

Take a tour of UML with Dike as he offers best practices, explains how to boot from an empty jail, talks about jailing attackers and more.

What are some unique issues of server consolidation with User Mode Linux?

Jeff Dike: From my point of view, server consolidation doesn't differ greatly from any other virtualization workload. So, the advantages of UML apply here the same as in other areas.

One aspect of server consolidation that may distinguish it from other virtualization workloads is that the host administrator may not trust the UML administrators. In this case, the UML administrators won't have shell access on the host, and the host administrator will need to decide how they will be allowed to access their UMLs.

The easy solution is to allow only network access. But this will increase the support burden when UML owners make their UMLs inaccessible by misconfiguring their networks. In this case, allowing the equivalent of logging in on a hardwired terminal would be nice, so that the UML admins still have access to their UMLs and can fix the network themselves.

So how should host administrators determine access criteria for UML?

Full Story.

More in Tux Machines

Porteus Kiosk 3.6.0 has been released!

I'm pleased to announce that Porteus Kiosk 3.6.0 is now available for download. New version sums all the development which happened in the last 3 months and which can be tracked with details in the changelog to the Porteus Kiosk 'automatic updates' service. Read more

Linux-ready Qseven COM taps new Cortex-A15 Renesas SoC

iWave has announced an industrial temperature Qseven form-factor module that runs Linux on the new, dual-core, Cortex-A15 Renesas RZ/G1-M SoC. Bangalore, India based iWave Systems is typically associated here with SODIMM-style computer-on-modules based on Freescale SoCs, such as the iW-RainboW-G18M-SODIMM i.MX6UL. For its new iW-RainboW-G20M-Q7 module, iWave is branching out with a Qseven form factor COM built around the recently announced Renesas RZ/G series of ARM SoCs. Specifically, the iW-RainboW-G20M-Q7 module runs Linux on the dual-core, 1.5GHz RZ/G1M, which uses Cortex-A15 architecture, as opposed to the dual-core Cortex-A7 based RZ/G1-E. Read more

Gen 5 Briq mini-PC runs Black Lab Linux on Core i3 or i5

The slimmer, completely air-cooled Black Lab Briq Gen 5 mini-PC has Mac Mini-like specs and runs Black Lab Linux on a Core i3 or i5 CPU. PC/OpenSystems has offered a commercial version of the Black Lab Linux distribution since 2007, and sponsors Black Lab Software, which sells the community version. The company has now released its fifth generation of the Black Lab BriQ mini-PC. The system is pre-installed with the commercial version of the Ubuntu-based Black Lab Linux, with prices starting at $450, including a three-year warranty. Read more

Google killing Chrome for 32-bit Linux

  • Google killing Chrome for 32-bit Linux
    If you live in the web browser, using a Linux-based operating system makes a lot of sense. By combining say, Ubuntu and Google Chrome, you can have a very secure and easy-to-use platform running the world's best web browser. A bloated and heavy Windows 10, for instance, could be unnecessary.
  • Google ends 32-bit Linux support for Chrome
    The first signs of the end of 32bit are on the wall - starting with Linux. I wonder how long Google will continue to support 32bit Chrome on Windows. For some strange reason, Microsoft is still selling 32bit Windows 10.
  • Google Decides to End Support for Google Chrome on 32-bit Linux OSes
    The brief announcement was made an hour ago by Dirk Pranke on the Chromium-dev group, and it informs users of Ubuntu and Debian GNU/Linux distributions that starting with March 2016, the Google Chrome web browser will no longer be available for 32-bit hardware platforms.