LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 01-15-2009, 03:46 AM   #1
jarco
LQ Newbie
 
Registered: Apr 2007
Location: Flanders
Distribution: Fedora / Centos / Elementary / Debian / Ubuntu / Manjaro
Posts: 17

Rep: Reputation: 0
Is chrooted bind really necessary?


Hello all,

I recently tried to install bind chrooted on a completely fresh debian etch r2.
I used howtoforge guide to chroot bind but cant get bind started. I get an error what i think is permission related. After lots of frustration i was beginning to ask myself: is it really needed to chroot bind?

So since I don't know i ask you guys

Is it really needed? Is it really that big of a security risk. How can external people abuse a not chrooted bind?
 
Old 01-15-2009, 03:59 AM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
I don't think any security measure exists which is necessary (unless it's required by law). But it's important that you assume that your BIND daemon will be compromised, and take pre-emptive measures for that. That's probably what your tutorial was aiming at with the chroot suggestion. Perhaps you should get a good night's sleep and then try again. I mean, chroot provides a very weak layer of security, but it's better than nothing at all. In the future, you might wanna look at mandatory access control instead.

Last edited by win32sux; 01-15-2009 at 04:08 AM.
 
Old 01-15-2009, 01:32 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,675
Blog Entries: 54

Rep: Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953
In addition you also might want to ask yourself if you want to run ISC BIND and not djbdns.
 
  


Reply

Tags
bind, chroot, dns


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache chrooted? clau_bolson Linux - Server 1 12-23-2008 09:08 AM
Bind problem: config files are missing after re-install bind 9.5 on Fedora Core 8 elvisious Linux - Software 1 07-15-2008 08:49 PM
how to get out of the chrooted environment kirtikjr Linux - Software 1 07-12-2007 06:40 PM
What does chrooted mean? Red Squirrel Linux - Software 6 08-21-2005 09:41 PM
Chrooted Apache dominant Linux - Security 4 09-20-2004 03:48 AM


All times are GMT -5. The time now is 03:48 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration