本文档详述了如何将BIND9名称服务器配置为在chroot环境下由非root用户运行,以此来增强安全性并减少潜在的安全漏洞影响。包括创建用户、设置目录结构、放置BIND数据文件等步骤。
Next Previous Contents
Scott Wunsch,
v1.5, 1 December 2001
This document describes installing the BIND 9 nameserver to run in a chroot jail and as a non-root user, to provide added security and minimise the potential effects of a security compromise. Note that this document has been updated for BIND 9; if you still run BIND 8, you want the Chroot-BIND8 HOWTO instead.
Next Previous Contents
Chroot-BIND HOWTO
Scott Wunsch, scott at wunsch.org
v1.5, 1 December 2001
This document describes installing the BIND 9 nameserver to run in a chroot jail and as a non-root user, to provide added security and minimise the potential effects of a security compromise. Note that this document has been updated for BIND 9; if you still run BIND 8, you want the Chroot-BIND8 HOWTO instead.
1. Introduction
2. Preparing the Jail
- 2.1 Creating a User
- 2.2 Directory Structure
- 2.3 Placing the BIND Data
- 2.4 System Support Files
- 2.5 Logging
- 2.6 Tightening Permissions
3. Compiling and Installing Your Shiny New BIND
4. Installing Your Shiny New BIND
5. The End
6. Appendix - Upgrading BIND Later
7. Appendix - Thanks
8. Appendix - Document Distribution Policy
Next Previous Contents
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
