[nycbug-talk] article on Jails. . .
Mike Sawicki
fifi
Thu Jul 29 11:23:58 EDT 2004
On Thu, Jul 29, 2004 at 07:32:07AM -0400, michael wrote:
> On Wed, 28 Jul 2004 12:08:03 -0400
> G.Rosamond <george at sddi.net> wrote:
>
> > I don't want to just rebroadcast postings from Daemon News, but this
> > article is particularly relevant. . .
> >
> > http://www.acmqueue.org/modules.php?name=Content&pa=showpage&pid=170
>
>
> So at the risk of being flamed.. who is jailing what? Do you jail the
> web server, the mail gateway, name service? Or is it just *jail
> everything*?
>
I use them for high-traffic, Internet-facing servers such as DNS and
mail relays. In the case of DNS specifically, you get a whole lot
of piece of mind out of running a chroot'ed BIND within a jail.
Adding a good kernel securelevel and proper filters to the box helps
even more.
Mike Sawicki (fifi at HAX.ORG)
More information about the talk
mailing list