HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


Toffee 6th December 2005 16:33

Bind chroot configuration
 
Hello.

I've got a few questions about bind chroot configuration.

Many tutorials explain that we must create an entire directory structure in the chroot directory. It means that libraries and binaries of Bind are present in the chroot directory. Many others indicate that CHROOT_DIR/dev, CHROOT_DIR/etc and CHROOT_DIR/var are sufficient and so, libraries and binaries aren't in the chroot directory.


What is the difference between these two configurations? What is the best configuration in terms of security?

Thanks a lot for your response.

falko 6th December 2005 17:42

I think that those are two different approaches. E.g., in this howto http://www.howtoforge.com/howto_bind_chroot_debian we don't need all the libraries etc. in the chroot jail because we tell Bind's init script to run Bind chrooted (by putting
Code:

OPTIONS="-u bind -t /var/lib/named"
into /etc/default/bind9). I think it's a lot easier than putting all the libraries etc. into the chroot jail...

public_domain 30th January 2008 03:08

Then should I not see something in either
 
OPTIONS="-u bind -t /var/lib/named"
/etc/default/bind9
(as it is, no .../named and no ../bind9)
TYIA

falko 30th January 2008 16:42

Quote:

Originally Posted by public_domain
OPTIONS="-u bind -t /var/lib/named"
/etc/default/bind9
(as it is, no .../named and no ../bind9)
TYIA

What is the question? :confused:

public_domain 30th January 2008 17:35

Does this reference [OPTIONS="-u bind -t /var/lib/named"] point to a directory that is supposed to be there, real or symlink?

falko 31st January 2008 20:36

-u bind means the user bind. /var/lib/named is a directory and must exist. BIND will run chrooted in that directory.
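
The settings discussed in this thread (the OPTIONS line in /etc/default/bind9, the /var/lib/named directory that must exist, and the dev, etc and var subdirectories from the first post) can be checked with a short shell audit. This is an added example, not part of the original posts; the function names, the output format and the optional staging-prefix argument are assumptions.

```shell
# Added example, not from the thread: audit the chroot settings in a
# Debian-style /etc/default/bind9. Function names and output are assumptions.

# Print the argument that follows flag $1 (-u or -t) in the OPTIONS= line of $2.
named_opt() {
    flag=$1
    opts=$(sed -n 's/^[[:space:]]*OPTIONS=//p' "$2" | tail -n 1 | tr -d "\"'")
    set -f; set -- $opts; set +f    # split into words without globbing
    while [ $# -gt 1 ]; do
        if [ "$1" = "$flag" ]; then printf '%s\n' "$2"; return 0; fi
        shift
    done
    return 1
}

# $1 = defaults file, $2 = optional prefix for auditing a staged filesystem copy.
# Prints one finding per line and returns 0 only when there is no FAIL.
audit_bind_chroot() {
    defaults=$1 root=${2:-} rc=0
    # A process that stays root can break out of a chroot, so -t needs -u.
    user=$(named_opt -u "$defaults") || user=
    if [ -z "$user" ] || [ "$user" = root ]; then
        echo "FAIL: no unprivileged -u user"; rc=1
    fi
    jail=$(named_opt -t "$defaults") || { echo "FAIL: no -t, named is not chrooted"; return 1; }
    if [ ! -d "$root$jail" ]; then
        echo "FAIL: $jail does not exist or is not a directory"; return 1
    fi
    # chroot() resolves symlinks, so a link works; the jail is then its target.
    if [ -L "$root$jail" ]; then echo "NOTE: $jail is a symlink"; fi
    # With -t, named is started from the host filesystem and chroots itself,
    # so the jail holds configuration, device nodes and data, not libraries.
    for sub in etc dev var; do
        [ -d "$root$jail/$sub" ] || { echo "FAIL: missing $jail/$sub"; rc=1; }
    done
    if [ "$rc" -eq 0 ]; then echo "OK: user $user, chrooted to $jail"; fi
    return "$rc"
}

# Constructed sample: stage the thread's configuration in a temp dir and audit it.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/default" "$t/var/lib/named/etc" "$t/var/lib/named/dev" "$t/var/lib/named/var"
    echo 'OPTIONS="-u bind -t /var/lib/named"' > "$t/etc/default/bind9"
    audit_bind_chroot "$t/etc/default/bind9" "$t"; status=$?
    rm -rf "$t"; return "$status"
}

if [ $# -gt 0 ]; then audit_bind_chroot "$@"; else demo; fi
```

Run with no arguments it audits the constructed sample; on a real host, pass the path to the defaults file as the first argument.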

Deem3nŽ 13th March 2009 16:51

It does not matter how you use BIND in chroot.

Take a look at this guide. In that example BIND is running in the /chroot/named directory

