What Are You Doing Right Now
-
@coliver said:
@johnhooks said:
@scottalanmiller said:
@johnhooks said:
@scottalanmiller said:
What is their logic for why AppArmor is unnecessary?
"AppArmor is a security extension (similar to SELinux) that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only AppArmor was causing the problem)."
Seems like sound logic /sarcasm
Yeah, he doesn't say why he feels it doesn't aid security, only that the advantages aren't enough. That the advantages aren't enough might be valid, but that's not the same as not being important for security. Long passwords aren't always worth it either.
I don't know anything about how AppArmor works, but I would be concerned to have Bind on a server with those other services and disable SELinux.
In this day and age does it make sense to have multiple services on a server? That just seems like asking for trouble...
No, not really. I can understand LAMP and postfix to send out emails from a small site, but I can't imagine DNS with all of that other stuff.
-
@coliver said:
In this day and age does it make sense to have multiple services on a server? That just seems like asking for trouble...
Depends on what kind of server you are on, lol. If you are on one that will let you run docker, then why not use docker to separate them out?
-
@johnhooks said:
@coliver said:
@johnhooks said:
@scottalanmiller said:
@johnhooks said:
@scottalanmiller said:
What is their logic for why AppArmor is unnecessary?
"AppArmor is a security extension (similar to SELinux) that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only AppArmor was causing the problem)."
Seems like sound logic /sarcasm
Yeah, he doesn't say why he feels it doesn't aid security, only that the advantages aren't enough. That the advantages aren't enough might be valid, but that's not the same as not being important for security. Long passwords aren't always worth it either.
I don't know anything about how AppArmor works, but I would be concerned to have Bind on a server with those other services and disable SELinux.
In this day and age does it make sense to have multiple services on a server? That just seems like asking for trouble...
No, not really. I can understand LAMP and postfix to send out emails from a small site, but I can't imagine DNS with all of that other stuff.
I've never understood why they do that at all. I wouldn't host DNS myself no matter what. Lumping it all into a single server is extra nuts.
-
@dafyre said:
@coliver said:
In this day and age does it make sense to have multiple services on a server? That just seems like asking for trouble...
Depends on what kind of server you are on, lol. If you are on one that will let you run docker, then why not use docker to separate them out?
Sure but aren't those "independent" servers at that point? They are sandboxed to not interact with one another.
-
@dafyre said:
@coliver said:
In this day and age does it make sense to have multiple services on a server? That just seems like asking for trouble...
Depends on what kind of server you are on, lol. If you are on one that will let you run docker, then why not use docker to separate them out?
That's separated out, though, not lumped together. The issue here is that the "Perfect Server" goal from HowToForge is to throw as many services onto a single image as possible. It's not a good design at all for nearly any purpose. If you are running a web host, you would not want your LAMP on a single box even, let alone extra stuff.
-
@coliver said:
@dafyre said:
@coliver said:
In this day and age does it make sense to have multiple services on a server? That just seems like asking for trouble...
Depends on what kind of server you are on, lol. If you are on one that will let you run docker, then why not use docker to separate them out?
Sure but aren't those "independent" servers at that point? They are sandboxed to not interact with one another.
Yes, those are considered individual containers, essentially the same as VMs.
-
@coliver said:
@dafyre said:
@coliver said:
In this day and age does it make sense to have multiple services on a server? That just seems like asking for trouble...
Depends on what kind of server you are on, lol. If you are on one that will let you run docker, then why not use docker to separate them out?
Sure but aren't those "independent" servers at that point? They are sandboxed to not interact with one another.
By default, yes.... Throw up an Apache + PHP container.... and a separate MySQL Container... Then point your Apache / PHP Apps to the MySQL Container for the database... No different than if you put Apache + PHP on a VM and MySQL on a separate VM.
-
Me thinks I might be getting to grips with Docker. Kind of
-
@hobbit666 Good... once you get your grips with Docker, write up a how to for the rest of us, lol.
-
How useful are containers to the average IT person, excluding DevOps? It seems like they are designed for deploying hundreds of identical applications, not the one-off apps that SMB IT generally uses. The learning curve seems to be much higher than a similar technology like virtualization, which is pretty much set it and forget it.
-
@coliver said:
How useful are containers to the average IT person, excluding DevOps? It seems like they are designed for deploying hundreds of identical applications, not the one-off apps that SMB IT generally uses. The learning curve seems to be much higher than a similar technology like virtualization, which is pretty much set it and forget it.
Not very. Containers, especially Docker style ones, are very much not for standard IT and definitely not for the SMB world in general. VMs do more of what is needed.
-
@coliver said:
How useful are containers to the average IT person, excluding DevOps? It seems like they are designed for deploying hundreds of identical applications, not the one-off apps that SMB IT generally uses. The learning curve seems to be much higher than a similar technology like virtualization, which is pretty much set it and forget it.
I have my website in an LXC container. I mostly did it for practice, but if someone were able to gain access, they can't really do anything. It's run by a standard non-sudo user so they could affect the container and that user's home dir but nothing else. Plus they are easy to back up and move around.
-
@scottalanmiller said:
@coliver said:
How useful are containers to the average IT person, excluding DevOps? It seems like they are designed for deploying hundreds of identical applications, not the one-off apps that SMB IT generally uses. The learning curve seems to be much higher than a similar technology like virtualization, which is pretty much set it and forget it.
Not very. Containers, especially Docker style ones, are very much not for standard IT and definitely not for the SMB world in general. VMs do more of what is needed.
That said, Docker still falls under the potentially useful things to learn category, IMO.
-
@dafyre said:
@scottalanmiller said:
@coliver said:
How useful are containers to the average IT person, excluding DevOps? It seems like they are designed for deploying hundreds of identical applications, not the one-off apps that SMB IT generally uses. The learning curve seems to be much higher than a similar technology like virtualization, which is pretty much set it and forget it.
Not very. Containers, especially Docker style ones, are very much not for standard IT and definitely not for the SMB world in general. VMs do more of what is needed.
That said, Docker still falls under the potentially useful things to learn category, IMO.
No argument there. Just that I've seen a lot of talk about it here and other locations and thought it was interesting that a technology geared more for the large scale enterprise and companies utilizing a cloud architecture was getting a lot of traction.
-
I agree, it is an odd one with the amount of interest it seems to generate while being mostly non-applicable. It's cool technology but extra amazing as it is Linux-only and containers have been available for over a decade and no one really seemed to care until now. What makes Docker so interesting when Zones, Jails, OpenVZ and others have been overlooked for so long.
-
@scottalanmiller said:
I agree, it is an odd one with the amount of interest it seems to generate while being mostly non-applicable. It's cool technology but extra amazing as it is Linux-only and containers have been available for over a decade and no one really seemed to care until now. What makes Docker so interesting when Zones, Jails, OpenVZ and others have been overlooked for so long.
Marketing? and hipsters?
-
@johnhooks said:
@scottalanmiller said:
I agree, it is an odd one with the amount of interest it seems to generate while being mostly non-applicable. It's cool technology but extra amazing as it is Linux-only and containers have been available for over a decade and no one really seemed to care until now. What makes Docker so interesting when Zones, Jails, OpenVZ and others have been overlooked for so long.
Marketing? and hipsters?
I used containers before they were cool? Is there such a thing as IT hipsters?
-
@coliver said:
@johnhooks said:
@scottalanmiller said:
I agree, it is an odd one with the amount of interest it seems to generate while being mostly non-applicable. It's cool technology but extra amazing as it is Linux-only and containers have been available for over a decade and no one really seemed to care until now. What makes Docker so interesting when Zones, Jails, OpenVZ and others have been overlooked for so long.
Marketing? and hipsters?
I used containers before they were cool? Is there such a thing as IT hipsters?
I was thinking of the people that argue that ZFS is always better than other file systems or that RoR is the only programming language that matters.
-
@johnhooks said:
I was thinking of the people that argue that ZFS is always better than other file systems ...
You mean it's not?
or that RoR is the only programming language that matters.
It is? Well shoot... now I gotta go learn a new programming language!
-