LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux > Linux - Security
Reload this Page Is chrooted bind really necessary?
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Tags used in this thread
Popular LQ Tags , ,

Reply
 
Thread Tools
Old 01-15-2009, 03:46 AM   #1
jarco
LQ Newbie
 
Registered: Apr 2007
Location: Diepenbeek, Flanders
Distribution: Debian/ubuntu
Posts: 6
Thanked: 0
Is chrooted bind really necessary?

[Log in to get rid of this advertisement]
Hello all,

I recently tried to install bind chrooted on a completely fresh debian etch r2.
I used howtoforge guide to chroot bind but cant get bind started. I get an error what i think is permission related. After lots of frustration i was beginning to ask myself: is it really needed to chroot bind?

So since I don't know i ask you guys

Is it really needed? Is it really that big of a security risk. How can external people abuse a not chrooted bind?
jarco is offline  
Tag This Post , ,
Reply With Quote
Old 01-15-2009, 03:59 AM   #2
win32sux
Moderator
 
Registered: Jul 2003
Distribution: Ubuntu 8.10
Posts: 8,603
Thanked: 106
I don't think any security measure exists which is necessary (unless it's required by law). But it's important that you assume that your BIND daemon will be compromised, and take pre-emptive measures for that. That's probably what your tutorial was aiming at with the chroot suggestion. Perhaps you should get a good night's sleep and then try again. I mean, chroot provides a very weak layer of security, but it's better than nothing at all. In the future, you might wanna look at mandatory access control instead.
Last edited by win32sux; 01-15-2009 at 04:08 AM..
win32sux is offline     Reply With Quote
Old 01-15-2009, 01:32 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 16,716
Blog Entries: 30
Thanked: 283
In addition you also might want to ask yourself if you want to run ISC BIND and not djbdns.
unSpawn is offline     Reply With Quote

Reply

Bookmarks


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache chrooted? clau_bolson Linux - Server 1 12-23-2008 09:08 AM
Bind problem: config files are missing after re-install bind 9.5 on Fedora Core 8 elvisious Linux - Software 1 07-15-2008 08:49 PM
how to get out of the chrooted environment kirtikjr Linux - Software 1 07-12-2007 06:40 PM
What does chrooted mean? Red Squirrel Linux - Software 6 08-21-2005 09:41 PM
Chrooted Apache dominant Linux - Security 4 09-20-2004 03:48 AM


All times are GMT -5. The time now is 06:54 AM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap - LinuxQuestions.org - Linux Forums
Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
RSS2  LQ Podcast
RSS2  LQ Radio
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration