[NBLUG/talk] A new colo box (with interesting ideas)

error error at sonic.net
Tue Apr 22 11:17:01 PDT 2003


Hi all,

So I am working on setting up a new server to replace my old one hosted
in Southern California.

I have chosen unitedcolo.com, the price is right and the location of the
cage isn't bad.

So what sets this box apart is that I plan on running the entire thing
inside a sort of super chroot.

An example service like DNS:

Physical machine with Linux, UML host inside that bound to an external
IP, DNS running on that UML host.

So the box will have many UML hosts.

looking like this (I suppose)

-------------------------------
|          Main Host          |
-------------------------------
\            \
[UML host]    [UML host]
  \
   [services on each host]


etc.

The reason for this is that each UML host is a disk image that is
mounted via the loopback driver.

With loop-aes we can encrypt each image and if the server is ever
powered off, nothing can be gleaned from it.

Meaning even with physical access, this machine would be hard to hack.

I am looking for suggestions.

Also I will be running a shell company out of one of the UML hosts. If
one of those UML hosts gets rooted, it would be bad. I plan on using
something like RSBAC to keep people from being a total jackass on the
box.

Any input on this?

-- 
error <error at sonic.net>