Software usage for a jail?

Phishfry

Phishfry

I am wondering about using sysutils/webmin in a jail as I would like to use the best security practices available. My question is the very nature of Webmin being a server monitoring service with a webgui, would all the features work? My question is how could you "sandbox' webmin in a jail and still have it function?

Am I wrong to equate a sandbox with a jail?

Here it implies Webmin works with jails:
http://doxfer.webmin.com/Webmin/Installation

So from the handbook I would want a service jail correct? I plan on using ez-jails.

I also like dabbling in net/hostapd. Would a separate jail work there too?

What about jails on Arm systems? Is it feasible?
 
Phishfry said:
I am wondering about using sysutils/webmin in a jail as I would like to use the best security practices available. My question is the very nature of Webmin being a server monitoring service with a webgui, would all the features work? My question is how could you "sandbox' webmin in a jail and still have it function?
Click to expand...
If you intend monitoring your jail with sysutils/webmin, I don't see any reason why it shouldn't work. But I don't think you can run it jailed and to monitor your host system. The access to the host system resources from inside of the jail would defeat the intent of jails themselves.

Phishfry said:
Am I wrong to equate a sandbox with a jail?
Click to expand...
Yes and no. Jails are a form of sandboxing, but not all sandboxnig techniques work like jails. Give a look here: https://en.wikipedia.org/wiki/Sandbox_(computer_security)
Jails are full isolated systems, it's operating-system-level virtualization. Something like capsicum(4) seems what you are looking for, as sandboxing model.

Phishfry said:
I also like dabbling in net/hostapd. Would a separate jail work there too?
Click to expand...
I've never used net/hostapd, but as long it can interface itself with your network card, it should IMO.
 
I run Icinga2 (a Nagios work-alike) in a jail. It's just a web server, and I think Webmin is the same. That will work. But Webmin has a long history of security problems, and I would try to run something without that history.

Icinga2 can monitor the jail it is in, and much of that is the same as the host.
 
You must log in or register to reply here.
Back
Top