What is an Immutable Service Container?

Posted on July 02, 2009

Glenn Brunette announces an OpenSolaris implementation of Immutable Service Containers.

"Immutable Service Containers are an architectural deployment pattern used to describe a platform for highly secure service delivery. Building upon concepts and functionality enabled by operating systems, hypervisors, virtualization, and networking, ISCs provide a secured container into which a service or set of services is deployed."

The OpenSolaris implementation is pre-configured with a non-exec stack, encrypted swap and scratch. Global and non-global zones run pre-hardened OpenSolaris.

The neat feature from an Incident Response perspective is that auditing is enabled by default and configured to audit login/logout events, administrative actions and commands, with the audit logs sent to the global zone. Command auditing includes command line arguments, which greatly helps the analyst reconstruct what happened during an intrusion.
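As an added example (not code from the announcement or the ISC project), the Python below parses a few constructed praudit-style text records and rebuilds a per-session command timeline; the third record is written as it would look with argument recording off, so the timeline there carries only the executable path. The record layout is an assumption modelled on the praudit text format, not output captured from a real ISC.

```python
"""Rebuild a command timeline from praudit-style execve(2) audit records."""

# Constructed sample modelled on praudit text output (one execve record per
# header line). Field positions are assumptions, not a captured ISC log.
SAMPLE_AUDIT = """\
header,129,2,execve(2),,isc-zone1,2009-07-02 10:00:01.000 +00:00
path,/usr/bin/ls
exec_args,2,ls,-la
subject,alice,alice,staff,alice,staff,1201,1201,0 0 10.0.0.5
return,success,0
header,135,2,execve(2),,isc-zone1,2009-07-02 10:00:07.000 +00:00
path,/usr/bin/cat
exec_args,2,cat,/etc/shadow
subject,alice,root,root,root,root,1209,1201,0 0 10.0.0.5
return,failure: Permission denied,-1
header,120,2,execve(2),,isc-zone1,2009-07-02 10:00:15.000 +00:00
path,/usr/bin/id
subject,alice,alice,staff,alice,staff,1211,1201,0 0 10.0.0.5
return,success,0
"""


def parse_records(text):
    """Split praudit-style text into one dict of tokens per audit record."""
    records, current = [], None
    for line in text.splitlines():
        fields = line.split(",")
        token = fields[0]
        if token == "header":
            current = {"event": fields[3], "host": fields[5], "time": fields[6]}
            records.append(current)
        elif current is None:
            continue
        elif token == "path":
            current["path"] = fields[1]
        elif token == "exec_args":        # exec_args,<argc>,<arg0>,... (argv policy on)
            current["argv"] = fields[2:]
        elif token == "subject":          # audit user survives su; euid is at exec time
            current["audit_user"], current["euid"] = fields[1], fields[2]
            current["session"] = fields[7]
        elif token == "return":
            current["ok"] = fields[1] == "success"
    return records


def reconstruct(records):
    """One line per execve record, oldest first; path only when argv is absent."""
    lines = []
    for r in sorted(records, key=lambda rec: rec["time"]):
        if r.get("event") != "execve(2)":
            continue
        cmd = " ".join(r["argv"]) if "argv" in r else f"{r['path']} <argv not recorded>"
        status = "ok" if r.get("ok") else "FAILED"
        lines.append(f"{r['time'][11:19]} {r['audit_user']} (euid {r['euid']}) "
                     f"sid={r['session']}: {cmd} [{status}]")
    return lines
```

Because the audit user is carried through the privilege change, the second line still attributes the failed read of /etc/shadow to alice even though it ran as root.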