[nycbug-talk] Apache, ftp, samba, etc....
Marc Spitzer
mspitzer
Sun Oct 2 00:58:46 EDT 2005
On 10/1/05, Francisco Reyes <lists at natserv.com> wrote:
> On Mon, 26 Sep 2005, George R. wrote:
>
> > It's not really a question of jails v non-jails to me. . .
>
> Given that samba can be configured to listen only in certain subnets what
> would be the advantage of jailing the external apps?
>
> To protect in case someone breaks into apache/ftp?
yes. With a script you can rebuild a jail, including saving all the
data(web site etc), and recover from an incident automatically. login
to the root box and kick off the script and all is better. Even if
you are running apps that give you root you only get root in the jail
and your tripwire( or mtree if you want to be bsdish(and who does
not)) should be running out of the main box that has not been
compromised.
marc
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
>
--
"We trained very hard, but it seemed that every time we were beginning to
form into teams we would be reorganized. I was to learn later in life that
we tend to meet any new situation by reorganizing, and a wonderful method it
can be for creating the illusion of progress, while producing confusion,
inefficiency and demoralization."
-Gaius Petronius, 1st Century AD
More information about the talk
mailing list