Portable servers w/ questionable security benefits

I’ve discovered that systemd has added a container utility called systemd-nspawn. It’s basically chroot on steroids. (No, don’t think Docker.)

I decided to give it a shot even though they don’t consider it stable yet. I tried to implement encryption a bit. Data on bare-metal servers is normally a sitting duck, lying unencrypted on disk (mainly because encryption seems hard, or because you trust your data center and country). If someone reboots the server and adds “rescue” to the kernel line in GRUB (or init=/bin/bash, or simply boots from a USB stick), (s)he gets a root prompt and can read the disk; bye to personal/commercial sensitive info!

I’m not sure about the security aspect, and I’m still exploring possibilities, but at least I can say it’s “good enough”. Here is the plan:

  • Install your favorite distro on the server (with systemd) (Let’s call it L0)

  • Create and mount an encrypted block device large enough for you (use LUKS, for example). Enter the passphrase by hand when opening it; don’t put a key file on L0, or the whole point is lost.

  • Create a chroot-style install of a distro inside this partition (L1). This is the tree systemd-nspawn will run.

  • Dive in and set up your apps inside this chroot. Everything is inside: your apps, your configs, your data.

  • Back up this block device in binary form (from L0). rsync’s --copy-devices option makes it treat the device like a regular file, and its delta transfer then only sends the sectors that changed, which works even though they are ciphertext (LUKS encrypts per sector). Close the LUKS mapping first, or the copy is a torn snapshot of a device in use.

  • Profit!?
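The plan above as a small shell script, added here as an example; it is not code from the original post. It assumes /dev/sdb1 as the block device, “vault” as the LUKS mapping name, /srv/vault as the mount point, Debian’s debootstrap to build the L1 tree and backup:/backups/vault.img as the rsync target. Every command is printed rather than executed unless APPLY=1 is set, so the sequence can be read (and checked) without touching a disk.

```shell
#!/bin/sh
# Added example, not code from the original post. Scripts the L0/L1 plan with
# assumed names: block device /dev/sdb1, LUKS mapping "vault", mount point
# /srv/vault, debootstrap for the L1 tree, backup:/backups/vault.img as the
# rsync target. Every command is only printed unless APPLY=1.
set -eu

# run: show the command, and execute it only when APPLY=1 (dry run otherwise).
run() {
    printf '+ %s\n' "$*"
    if [ "${APPLY:-0}" = 1 ]; then
        "$@"
    fi
}

# Step 1: format and open the encrypted device on L0, then put a filesystem
# on it. cryptsetup prompts for the passphrase; nothing is stored on disk.
create_vault() {
    dev=$1 name=$2 mnt=$3
    run cryptsetup luksFormat "$dev"
    run cryptsetup open "$dev" "$name"
    run mkfs.ext4 "/dev/mapper/$name"
    run mkdir -p "$mnt"
    run mount "/dev/mapper/$name" "$mnt"
}

# Reopening after a reboot of L0: until this is done by hand, the device is
# just ciphertext to anyone at the console.
open_vault() {
    dev=$1 name=$2 mnt=$3
    run cryptsetup open "$dev" "$name"
    run mount "/dev/mapper/$name" "$mnt"
}

# Step 2: install the L1 tree inside the vault (Debian tool shown; use your
# distro's bootstrap tool instead).
install_l1() {
    run debootstrap stable "$1"
}

# Step 3: dive in. -D runs a shell inside the tree; -b boots the tree as a
# container with its own init, so services configured in L1 start.
enter_l1() { run systemd-nspawn -D "$1"; }
boot_l1()  { run systemd-nspawn -bD "$1"; }

# Step 4: binary backup from L0. The vault is closed first so the image is a
# consistent snapshot (copying a device that is still mounted gives a torn
# image). --copy-devices makes rsync read the device like a regular file and
# --inplace lets its delta algorithm patch the remote image in place, so only
# changed sectors travel, even though they are ciphertext.
backup_vault() {
    dev=$1 name=$2 mnt=$3 dest=$4
    run umount "$mnt"
    run cryptsetup close "$name"
    run rsync -av --copy-devices --inplace "$dev" "$dest"
}

# --copy-devices shipped as a separate rsync patch for years and is not in
# every build; returns 0 if the local rsync advertises it.
rsync_has_copy_devices() {
    rsync --help 2>&1 | grep -q -- '--copy-devices'
}

# Dispatcher: ./vault.sh create|open|install|enter|boot|backup
main() {
    dev=/dev/sdb1 name=vault mnt=/srv/vault dest=backup:/backups/vault.img
    case $1 in
        create)  create_vault "$dev" "$name" "$mnt" ;;
        open)    open_vault "$dev" "$name" "$mnt" ;;
        install) install_l1 "$mnt" ;;
        enter)   enter_l1 "$mnt" ;;
        boot)    boot_l1 "$mnt" ;;
        backup)  rsync_has_copy_devices || echo "warning: rsync lacks --copy-devices" >&2
                 backup_vault "$dev" "$name" "$mnt" "$dest" ;;
        *)       echo "usage: $0 create|open|install|enter|boot|backup" >&2; exit 1 ;;
    esac
}

if [ $# -gt 0 ]; then
    main "$@"
fi
```

Run it once without APPLY=1 to see the exact commands, then again with APPLY=1 as root on L0. The backup step deliberately refuses to copy a mounted vault; if L1 has to stay up during backups, take an LVM snapshot of the device and rsync that instead.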

This stops someone with physical access from reading or tampering with the data at rest. If someone reboots the server, (s)he will need to open and mount the encrypted partition manually, which needs the passphrase. (While L1 is running, the key sits in L0’s memory and the plaintext is reachable from L0’s root, so L0 itself still has to be kept locked down.) You can also copy the partition n times (L2, L3…) for other services. And moving your fully-working server becomes copying one big file, a.k.a. portability.

One other plus should be the cgroups-related benefits of containers (I didn’t try this one), for example resource limiting! Maybe you can build a more secure or easier solution with an encrypted LVM partition and even Docker/LXC, but hey, we’re experimenting here! So far, my experiment works (you can access my blog, right?).


Gürkan

linuxrant


2015-05-08 11:07 +0200