matt.kuiken at verizon.net
Sun Jun 18 02:38:20 UTC 2006
I have searched a little on the web, but I'm by no means done with my
research. I just wanted to ask this question here to get the general
opinions of my approach.
I have an old Pentium 233MMX that I have been playing with Xubuntu on.
I am really surprised and happy about how well Xubuntu works on it.
Enough so that this has become a major hobby project.
I bought a 200 GB drive for it, and have it up and working. I decided
that I will use part of that drive as a backup for my laptop and
portable USB hard drives. I want this section of the drive to only be
accessible over my home network. In fact, I have no problem with the
data on that partition not even being accessible to a person sitting at
that machine's console. I am thinking about using an encrypted file
system for this purpose, and keeping the passwords/keys on my laptop.
Since Xubuntu is working so well on the machine, I thought it would be
interesting to set up a web site, perhaps with something similar to a
MoinMoin wiki in it. I have an application in mind for this web site
already, but realize that the bandwidth to this site will be really low
because of my DSL. It is not a project that I am going to update to
business level service for.
My main question about this situation is security. If I am going to
make this machine available to the web, I want to make sure that if it
gets 'owned' that my backup data is not at risk. For this purpose, I am
thinking of running the web server in a VM. I know this'll be slow, but
I think the Internet connection will still be the bottleneck. I am
wondering if someone 'owns' a VM, can they get access to files that are
in the file system on the server that is hosting the VM? It seems like
the VM shouldn't be able to get access to files outside its configured
file system area, but I do not really know how the VM works in this
I already have the machine set up so that I can access it through ssh on
my home network. I have not opened that up to the Internet, and am not
certain I will, even though I have it set up to use RSA keys with my
laptop, and have disabled password based login. I am pretty sure that
this is secure, as I followed the instructions here:
Including the stuff here:
to ensure that I have locked out most places of entry. I plan to
continue to use vnc over ssh in order to do the main admin and
configuration tasks for this machine.
So, the main questions of this whole long story are:
Is this a good way of going about this task, to secure my data, but at
the same time create a hobby web server?
Should I just give this up, and just be happy that this thing works as a
Is there an easier way of setting this thing up that still has enough
security, but makes a decent web facing machine?
Are the files outside of a VM safe from anything inside the VM?
(general curiosity here, above and beyond just this project.)
Sorry for the long post, but I figured this one needed a good
explanation of what I am trying to accomplish in order to produce the
types of answers I'm looking for.
More information about the ubuntu-users