Menu
▾
▴
Re: [uml-user] Possible UML project undertaking. Have some questions.
|
From: roland <for...@gm...> - 2003-12-16 16:43:40
|
Hi sergeant :)
>Is it feasible to use UML for this scenario, assuming the host machine is pwerful enough.
running 50 uml`s at the same time on a single FAT host should _basically_ be possible, but
not recommended. it absolutely depends of WHAT the users need todo INSIDE an uml. it`s
really a matter of load, these 50 concurrent users will produce. so at least you need to
estimate, what "average" and "maximum" load a user will generate, and test, how the system
behaves in such situations. letting 50 users run hping,nmap and nessus on the same machine
at the same time should generate a huge amount of load, IMHO - and this especially if inside
an UML, because we have the "syscall-overhead". why not splitting things up? AFAIK, hping,nmap
and nessus are basically usable on a "per user" basis from within a single OS. if you need to
give the users root privileges, you could easily wrap those commands with "sudo" or make them
suid - so, do you really need separate OS`s for every single user? why not giving them just an
account and let them run a defined set of applications, configured for them individually?
as a rule of thumb: what you can "multi instanciate" on a single box, you won`t need to run
isolated inside separate ones. i think, you even should be able to run nessus on a per-user
basis on a single box.
at least there are configuration options for nessus, which give me that impression. from the
nessusd manpage:
nessusd [-v] [-h] [-c config-file] [-a address ] [-p
port-number] [-D] [-d]
-c <config-file>, --config-file=<config-file>
Use the alternate configuration file instead of
@NESSUSD_CONFDIR@/nessus/nessusd.conf
-p <port-number>, --port=<port-number>
Tell the server to listen on connection on the port
<port-number> rather than listening on port 1241
(default).
sure - here you need to do lots of configuration and testing, too.(i`m not sure - but you probably
run into problems with the TCP/IP stack on a single system when doing agressive portscanning from
within 50 useraccounts)
plese see this just as an idea and a suggestion - i don`t know the very details of your scenario
and perhaps there IS a real need for UML or similar, though.
>Is there any easy way to create UMLs for new users?
sure there is. you just need a read-only root-filesystem and can use the copy-on-write feature.
so you can clone UML`s somewhat "on the fly".
>Can the creation of a UML be automated?
sure. shouldn`t be too hard, too. one recommended example to configure an uml from the "outside"
is on the uml website. see: http://user-mode-linux.sourceforge.net/config.html
>Would the maintenance of that many UMLs be too mcuh to handle?
that depends on WHAT you need to maintain. if they just all need to be identical (and only differ
in hostname/ip) that should be quite easy
>Users will have access to their UML, and from there they should be able to run applications
>like nmap, hping, nessus against an internal target network. Can UML handle applications such
>as nmap or will there be problems?
i think this should work. watch out for the uml-bridging howto for uml network configuration.
if you setup the uml`s network in bridged mode, you shouldn`t run into problems with the hosts
tcp/ip stack, because the host`s stack isn`t related to the uml`s at all and all he does is
forwarding ethernet packets.
regards
roland
----- Original Message -----
From: Sgt B
To: use...@li...
Sent: Tuesday, December 16, 2003 4:47 PM
Subject: [uml-user] Possible UML project undertaking. Have some questions.
We're planning on setting up UML for an upcoming project. We're going to need approximately 250-300 seperate UMLs. Each user will
have access to his/her own UML. We're expecting about 50 users online at any given time. Is it feasible to use UML for this
scenario, assuming the host machine is pwerful enough.
Is there any easy way to create UMLs for new users? Can the creation of a UML be automated? Would the maintenance of that many UMLs
be too mcuh to handle?
Another question...
This project is a security based project. Users will have access to their UML, and from there they should be able to run
applications like nmap, hping, nessus against an internal target network. Can UML handle applications such as nmap or will there be
problems?
Just wanted to ask before I dive into UML.
Thanks!
Do you Yahoo!?
New Yahoo! Photos - easier uploading and sharing
|