[nycbug-talk] article on Jails. . .

Mike Sawicki fifi
Thu Jul 29 11:23:58 EDT 2004


On Thu, Jul 29, 2004 at 07:32:07AM -0400, michael wrote:
> On Wed, 28 Jul 2004 12:08:03 -0400
> G.Rosamond <george at sddi.net> wrote:
> 
> > I don't want to just rebroadcast postings from Daemon News, but this 
> > article is particularly relevant. . .
> > 
> > http://www.acmqueue.org/modules.php?name=Content&pa=showpage&pid=170
> 
> 
> So at the risk of being flamed.. who is jailing what?  Do you jail the
> web server, the mail gateway, name service?  Or is it just *jail
> everything*?
> 

I use them for high-traffic, Internet-facing servers such as DNS and
mail relays.  In the case of DNS specifically, you get a whole lot
of peace of mind out of running a chroot'ed BIND within a jail.
Adding a good kernel securelevel and proper filters to the box helps 
even more.

Mike Sawicki (fifi at HAX.ORG)



