On 16.06.09 17:11, Igor Cicimov wrote: > Running apache in chroot adds another layer of security. You can chroot the > apache server and copy over all the libraries you need and only the programs > you need like /bin/sh lets say to start/stop the server. In that way any > security issue or intruder will end up in "jail" and have limited programs > to run. Also what ever damage he/she might cause will be in the chroot > enviroment, which you can esally recover, and not in your real root. > > We run all our company production servers in chroot. we use FreeBSD jail and linux vservers in the same manner. They also prevent from using other IP addresses and access to our internal network (the data files are nfs-mounter from an internal server). -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Silvester Stallone: Father of the RISC concept. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|