Software usage for a jail?

Phishfry

Son of Beastie

Reaction score: 1,402
Messages: 4,131

I am wondering about using sysutils/webmin in a jail as I would like to use the best security practices available. My question is the very nature of Webmin being a server monitoring service with a webgui, would all the features work? My question is how could you "sandbox' webmin in a jail and still have it function?

Am I wrong to equate a sandbox with a jail?

Here it implies Webmin works with jails:
http://doxfer.webmin.com/Webmin/Installation

So from the handbook I would want a service jail correct? I plan on using ez-jails.

I also like dabbling in net/hostapd. Would a separate jail work there too?

What about jails on Arm systems? Is it feasible?
 

Maxnix

Well-Known Member

Reaction score: 197
Messages: 323

I am wondering about using sysutils/webmin in a jail as I would like to use the best security practices available. My question is the very nature of Webmin being a server monitoring service with a webgui, would all the features work? My question is how could you "sandbox' webmin in a jail and still have it function?
If you intend monitoring your jail with sysutils/webmin, I don't see any reason why it shouldn't work. But I don't think you can run it jailed and to monitor your host system. The access to the host system resources from inside of the jail would defeat the intent of jails themselves.

Am I wrong to equate a sandbox with a jail?
Yes and no. Jails are a form of sandboxing, but not all sandboxnig techniques work like jails. Give a look here: https://en.wikipedia.org/wiki/Sandbox_(computer_security)
Jails are full isolated systems, it's operating-system-level virtualization. Something like capsicum(4) seems what you are looking for, as sandboxing model.

I also like dabbling in net/hostapd. Would a separate jail work there too?
I've never used net/hostapd, but as long it can interface itself with your network card, it should IMO.
 

wblock@

Administrator
Staff member
Administrator
Moderator
Developer

Reaction score: 3,644
Messages: 13,850

I run Icinga2 (a Nagios work-alike) in a jail. It's just a web server, and I think Webmin is the same. That will work. But Webmin has a long history of security problems, and I would try to run something without that history.

Icinga2 can monitor the jail it is in, and much of that is the same as the host.
 
Top