Scribd Logo
Upload

Welcome to Scribd!

  • Chroot The BIND DNS Server

    Uploaded by

    Ajith Raj
    263 views3 pages
    DNS

    Original Title

    Chroot the BIND DNS Server

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    DNS

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    263 views3 pages

    Chroot The BIND DNS Server

    Uploaded by

    Ajith Raj
    DNS

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 3

    5/11/2011

    Solaris DNS : chroot the BIND DNS serv

    Gurkulindia.com
    System Administration, Security and Success About Contact us Members Only Site Map

    RSS
    0

    Thanks for visiting gurkulindia ......... Members Only : Self L

    Solaris DNS : chroot the BIND DNS server


    06 Feb The idea behind running BIND in a chroot jail is to limit the amount of access any malicious individual could gain by exploiting vulnerabilities in BIND. It is for the same reason that we run BIND as a non-root user. This should be considered as a supplement to the normal security precautions (running the latest version, using access control, etc.), certainly not as a replacement for them. The process described below prevents access to the / (root) directory if BIND is hacked. It is possible with BIND version 8 or above, and is supported on Solaris 8 or above. 1. Create the user who will be running BIND. Dont run BIND as root. useradd -g nobody -s /usr/bin/false dnsguy 2. Create chroot directory and set permissions: mkdir -p /chroot/etc /chroot/var /chroot/var/run chown dnsguy /chroot/var/run chgrp nobody /chroot/var/run 3. Move zone and named.conf files over: mv /etc/named.conf /chroot/etc mv /var/named /chroot/var/named 4. Copy some more /etc/ files over:
    gurkulindia.com//solaris-dns-chroot-th 1/3

    5/11/2011

    Solaris DNS : chroot the BIND DNS serv

    cp /etc/TIMEZONE /etc/profile /chroot/etc 5. Start in.named: /usr/sbin/in.named -u dnsguy -t /chroot


    Republished by Blog Post Promoter

    No Comments Posted in DNS, Solaris Troubleshooting

    Leave a Reply
    Name (required)
    Socrates

    Mail (will not be published) (required)


    ajithengg@gmail.com

    Website Comment

    Submit Comment

    Did you read ?


    Solaris NIS and Netgroups : Restricting logins on a machine using compat mode and netgroups Solaris 10 : Migration from NFSv3 to NFSv4 Data Center Designing: Network Connectivity Standards

    Browse
    Select Category 2/3 gurkulindia.com//solaris-dns-chroot-th

    5/11/2011

    Solaris DNS : chroot the BIND DNS serv

    Subscribe Posts

    Enter your email address:

    Subscribe

    Access
    Register Log in Entries RSS Comments RSS WordPress.org

    Tags
    boot configuration configure containers disk DNS error failed grow how to installation linux memory network interface network troubleshooting NFS nfs troubleshooting nis reboot recover recovery Redhat linux repair replacement rhel5 root
    disk SDS SMF Solaris

    Solaris 10 Solaris 10 troubleshooting Solaris internals solaris learning solaris sds

    Solaris Troubleshooting storage SVM troubleshooting VCS Veritas cluster


    veritas volume manager Volume manager VxVM vxvm troubleshooting Zones

    (C) Copyrights reserved to gurkulindia.com


    Content Protected Using Blog Protector By: PcDrome.
    Improve Your Life, Go The myEA SY Way

    gurkulindia.com//solaris-dns-chroot-th

    3/3

    You might also like