|
Jail?
What is up with the jail. I read the man pages, so all it is, is a safe, locked down portation of your disk space. where nothing can go in or out, without your ok? :newbie:
|
A jail it's an enviroment completely apart of the whole system.
It imprisons the process and it's descendants. Now you have vary options to run a jail... You can run it with a non-privileged user, in new root enviroment, in a single ip with a jail hostname. And finaly the daemon/command you wish to execute. All of the childs of whatever you run will be imprisoned in the jail and there wont be any comunication with the outside. With chroot, there are ways to escape because there is interaction with the outworld. But a very well configurated chroot will be enough. I advise you strongly to read the man pages related to the jail, because its a very good freebsd resource that others systems would give anything to have it. (Under developement in Linux) A perfect jail could contain a whole FreeBSD world inside of it... Now imagine what you can do with a jail, securing your system will be an easy thing if you run everything in jails/chroots. securityfocus.com has very intersting articles related to daemon chrooting. There is this 3 article document, that consists in chrooting Apache+PHP+Mysql, and It works GREAT. I use it in all my systems! http://www.securityfocus.com/infocus/1694 http://www.securityfocus.com/infocus/1706 http://www.securityfocus.com/infocus/1726 Stay well! |
| All times are GMT -5. The time now is 02:34 AM. |