Just a thought recommended to me by RedHat last year.
Run SELinux:
SELinux can enforce the access rights of every user, application, process, and file within a Red Hat system to a degree previously unavailable in enterprise operating systems. It ensures that any application behaves as intended with very low performance overhead. (For more information, see Red Hat Enterprise Linux Security Series: SELinux)
Link: http://www.redhat.com/f/pdf/RHEL_Security_WP_web.pdf
Regards, Dave
--------
YBA wrote:
Hello,
I was running Apache for a number of years using a fully blown chroot
environment, mostly on RHEL (using the "chroot" binary as a base).
Recently, I have faced a requirement to wrap it up into an rpm, which is
not an easy task, considering all the up-to-date libs, dependencies, etc.
As the chrootdir directive seems to have appeared only in 2.2.9 (?), as part of
mod_unixd, my question is how one could compare it to a fully blown
chroot environment, looking at it from a security point of view. Would
that be the same, or are there any drawbacks on the "chrootdir" side?
Also, I used to see information about the mod_chroot module, but this seems
to have disappeared at some point. I believe this module is not maintained
any more for this purpose (at least Google does not seem to know about
it any more)?
All comments on this would be most appreciated.
Cheers.
S.