search for: basici

Hi, On my public servers, I usually run BIND for DNS. I see CentOS offers a preconfigured (sort of) bind-chroot package. I wonder what's the effective benefit of this vs. a "normal" BIND setup without chroot. On my Slackware servers, I have a rather Keep-It-Simple approach to all things security, e. g. run no unneed services, open only needed ports etc. but I don't run the extra

...xtra mile (and haven't been bitten so far). > > Any suggestions? (No flamefest please.) bind went through a rocky stage where there were a LOT of security holes in it. by running it in a chroot, you limit its ability to be used as a hacking point of entry. recent versions of bind (basicially, 9 and newer) are much more secure, so this is less of a concern. -- john r pierce, recycling bits in santa cruz

...wat you are using the book for..I myself have been trying for a long time to find a document that describes basic RedHat and Linux security, what to look for, inherent dangers etc etc. So I was overjoyed when I found this book. No, I am not depending on it as a sole source of information, but the basicis that it covers simply do not get repeatadly posted to the lists you mentioned, at least not that I have seen. I think it is a wonderful intro into system security, but it should be made clear that it is not intended as a "fix-all". Just my two cents. -- Jason Welman -----Original Mes...

...n so far). >> >> Any suggestions? (No flamefest please.) > > > bind went through a rocky stage where there were a LOT of security > holes in it. by running it in a chroot, you limit its ability to be > used as a hacking point of entry. recent versions of bind > (basicially, 9 and newer) are much more secure, so this is less of a > concern. > > But make sure to have SELinux enabled if you do not run it chrooted. I have mine running that way.