SUMMARY: DNS on hardened OS
2007-12-24 23:17:00
I got about a dozen answers on this. Some suggested we get a DJBdns server
(http://cr.yp.to/djbdns.html). This program runs runs as an unprivileged
user, in a chroot jail. Others added to this that I go to
http://www.boran.com/security/sp/bind_hardening.html and use that as it
provides a step-by-step guide for BIND, with examples, using the chroot
jail. Combined with these two suggestions was to use SSH only to get into
the box, remove all non-essential services, and use TCP wrappers (already
planned on doing that).
Thanks to the following people for their help:
system administration account [sysadmin at astro.su.se]
Lars Hecking [lhecking at nmrc.ie]
Roy Culley [tgdcuro1 at gd2.swissptt.ch]
Schmitt, Martin (Dregis STB C) [Martin.Schmitt at Dregis.com]
Solaris List [solaris at ns1.silvex.com]
tflat [tflat at astrocreep.net]
Gert-Jan Hagenaars [gj at hagenaars.com]
Unix4me at aol.com
Christopher L. Barnard [cbar44 at tsg.cbot.com]
ahaukin at hushmail.com
Grant
Comments
Got something to say?
You must be logged in to post a comment.
