Creating an ultra secure hosting environment, chroot each user, containers, VMs? what is best way?
by Red Squirrel from LinuxQuestions.org on (#5SNDT)
I want to create a hosting environment where each user is basically isolated from the rest of the system. I am thinking a chroot environment, where there is its own apache instance, mysql instance, SSH instance, dovecot, smtp etc...
End goal would be to create an application with a web front end that is used to manage all of this to automate everything, so there would be an admin panel to create new users and then each user could login and manage their own virtual hosts, mailboxes, DNS records etc...
I am wondering what would be the best approach to doing this, is chrooting the way to go? The tricky part is managing TCP ports, as obviously if I have multiple instances of mysql etc running I can't just bind them all to the same port. For apache I can probably use a reverse proxy setup but for mail etc it might be harder. For some services like DNS I can probably still have a master one, and then a helper script would simply read the config from each user's chroot instance and then update the DNS one. Suppose I could do that for mail too. For MySQL probably best to keep it separate for each user. Should not be a problem to just listen to different ports right?
SMTP would perhaps be the trickiest as I don't think you can listen on different ports as far as receiving mail goes, as when other SMTP servers lookup the MX record and connect they assume 25 right? I could probably have a dedicated chroot environment for SMTP though.
Of course such a setup would have larger overhead, but I'm open to ideas, I basically want to create something super secure where any application that has an exploit in it, is limited to a very small space and can't be used to compromise the entire system. Even if there is a known exploit for privilege escalation etc. I want to design this to be secure from the ground up so I put less faith in the security of each individual service, essentially.
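The port-per-tenant design sketched in the post (a private apache, mysql, sshd and dovecot per user, with one shared reverse proxy owning :80) needs two pieces of glue that the admin panel would have to provide: a collision-free way to hand out backend ports, and generated listener/proxy config that does not let a tenant-supplied hostname corrupt the proxy configuration. The Python below is an added example written for this page, not code from the poster or from any project; the port base (20000), block size (16), service list, the loopback backend address and the exact config snippets are assumptions.

```python
"""Per-tenant backend port allocation and front-proxy config generation.

Added example for a multi-tenant host where each tenant runs its own
apache/mysql/sshd/imap instance (in a chroot, container or VM) and a single
nginx on :80 forwards each vhost to the owning tenant's apache.  Hypothetical
helper; port base, block size and config formats are assumptions.
"""
import re
from dataclasses import dataclass, field

# Host-level ports owned by the shared front ends (admin ssh, MX, DNS, proxy,
# submission, imaps/pop3s).  They are never handed to a tenant backend.
RESERVED_PORTS = {22, 25, 53, 80, 443, 465, 587, 993, 995}

# Strict hostname syntax.  A tenant-supplied vhost ends up inside the proxy
# config, so anything outside this alphabet (';', '}', '$', whitespace, ...)
# is refused to rule out config injection through the admin panel.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


@dataclass
class Tenant:
    name: str
    uid: int
    vhosts: list                             # hostnames served by this tenant
    ports: dict = field(default_factory=dict)  # service -> backend port


class PortAllocator:
    """Deterministic, collision-checked backend ports, one block per tenant.

    Block start = base + (uid - first_uid) * block_size, so the mapping can be
    recomputed from the account database instead of being stored separately.
    """
    SERVICES = ("http", "mysql", "ssh", "imap")

    def __init__(self, base=20000, block_size=16, first_uid=1000):
        if block_size < len(self.SERVICES):
            raise ValueError("block_size too small for the service list")
        self.base, self.block_size, self.first_uid = base, block_size, first_uid
        self._taken = {}    # port -> tenant name
        self._vhosts = {}   # hostname -> tenant name

    def allocate(self, tenant):
        if tenant.uid < self.first_uid:
            raise ValueError(f"refusing to allocate for system uid {tenant.uid}")
        start = self.base + (tenant.uid - self.first_uid) * self.block_size
        if start + self.block_size > 65535:
            raise ValueError(f"port space exhausted at uid {tenant.uid}")
        # Validate every hostname and make sure no other tenant owns it, so one
        # account cannot hijack another tenant's site at the proxy.
        tenant.vhosts = [h.lower() for h in tenant.vhosts]
        for host in tenant.vhosts:
            if not _HOSTNAME_RE.match(host):
                raise ValueError(f"bad hostname {host!r}")
            owner = self._vhosts.get(host)
            if owner is not None and owner != tenant.name:
                raise ValueError(f"{host} already owned by {owner}")
        ports = {}
        for i, svc in enumerate(self.SERVICES):
            port = start + i
            if port in RESERVED_PORTS or self._taken.get(port, tenant.name) != tenant.name:
                raise RuntimeError(f"port {port} unavailable for {tenant.name}")
            ports[svc] = port
        # Commit only after every check passed.
        for port in ports.values():
            self._taken[port] = tenant.name
        for host in tenant.vhosts:
            self._vhosts[host] = tenant.name
        tenant.ports = ports
        return ports


def nginx_server_block(tenant, backend_ip="127.0.0.1"):
    """One nginx server{} forwarding the tenant's vhosts to its private apache."""
    names = " ".join(tenant.vhosts)
    return "\n".join([
        "server {",
        "    listen 80;",
        f"    server_name {names};",
        "    location / {",
        f"        proxy_pass http://{backend_ip}:{tenant.ports['http']};",
        "        proxy_set_header Host $host;",
        "        proxy_set_header X-Forwarded-For $remote_addr;",
        "    }",
        "}",
    ])


def backend_config(tenant, bind_ip="127.0.0.1"):
    """Listener lines for the tenant's own daemons.  apache and mysql bind to
    the backend address only (reachable through the proxy or locally); sshd and
    imap are the services tenants connect to directly on their assigned port."""
    p = tenant.ports
    return {
        "apache": f"Listen {bind_ip}:{p['http']}",
        "mysql": f"[mysqld]\nbind-address={bind_ip}\nport={p['mysql']}",
        "sshd": f"Port {p['ssh']}",
        "dovecot": f"service imap-login {{\n  inet_listener imap {{\n    port = {p['imap']}\n  }}\n}}",
    }
```

One caveat that decides between chroot, containers and VMs for this scheme: if all tenants share one network namespace they also share the loopback, so tenant A's apache can reach tenant B's mysql on 127.0.0.1:<port> unless every tenant gets its own network namespace (or a per-tenant loopback alias plus firewall rules). That, and the fact that a process running as root inside a plain chroot is not confined by it, are the usual reasons containers or VMs are preferred over bare chroot when the goal is to contain a compromised service.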