Re: Why is named started, but not being used?

On Sunday 18 November 2007 09:07:40 pm Neal Becker wrote:
> >> named     2794  0.0  0.5 131440 10568 ?        Ssl  Nov16
> >> 0:00 /usr/sbin/named -u named -D -t /var/named/chroot
> >>
> >> Well, someone started named!

named is one of those apps that is always suggested to be started chrooted. 
This is because it's historically been vulnerable to attack. I'd like to see 
more about its actual configuration before deciding if NM has created a 
security hole. Sure, we have SELinux to help keep a handle on what an 
attacker can do, but some people turn SELinux off and we need to offer the 
best protection we can for them.

Does "netstat -taunp | grep named" show it listening on localhost, or does it 
show it being exposed? Does NM have a config option to disable using named 
for the security-minded people? Is named chrooted? Is it set to be a 
non-authoritative server? Does the config follow best practices for a locked 
down system? Need to see the config for that.

-Steve

-- 
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: 
https://www.redhat.com/mailman/listinfo/fedora-test-list
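
The "netstat -taunp | grep named" check asked about in the message above can be scripted so the localhost-versus-exposed answer is explicit. This is an added example, not part of the original message: the function names are hypothetical, and the sample netstat rows are constructed (only PID 2794 is taken from the quoted ps output).

```shell
#!/bin/sh
# Constructed sample of `netstat -taunp` rows (run netstat as root so the
# PID/Program name column is filled in). Not captured from a real host.
SAMPLE_LOOPBACK='tcp   0  0 127.0.0.1:53    0.0.0.0:*   LISTEN   2794/named
tcp   0  0 127.0.0.1:953   0.0.0.0:*   LISTEN   2794/named
udp   0  0 127.0.0.1:53    0.0.0.0:*            2794/named
tcp   0  0 0.0.0.0:22      0.0.0.0:*   LISTEN   1801/sshd'

SAMPLE_EXPOSED='tcp   0  0 127.0.0.1:53    0.0.0.0:*   LISTEN   2794/named
udp   0  0 127.0.0.1:53    0.0.0.0:*            2794/named
udp   0  0 192.0.2.10:53   0.0.0.0:*            2794/named'

# Read netstat output on stdin and print one line per socket owned by
# named: "<loopback|exposed> <proto> <local address:port>".
classify_named_listeners() {
    awk '
    $NF ~ /^[0-9]+\/named$/ {
        proto = $1
        # TCP rows carry a State column; only LISTEN rows are listeners.
        # UDP rows have no state, so every bound UDP socket counts.
        if (proto ~ /^tcp/ && $6 != "LISTEN") next
        laddr = $4
        addr = laddr
        sub(/:[^:]*$/, "", addr)    # drop the trailing :port
        scope = "exposed"           # 0.0.0.0, ::, or any interface address
        if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./)
            scope = "loopback"
        print scope, proto, laddr
    }'
}

# Return 0 if every named socket is loopback-only, 1 if any is exposed,
# 2 if no named sockets appear in the input at all.
named_is_local_only() {
    out=$(classify_named_listeners)
    [ -n "$out" ] || return 2
    ! printf '%s\n' "$out" | grep -q '^exposed '
}

# Demo on the constructed sample; on a live system use:
#   netstat -taunp | classify_named_listeners
printf '%s\n' "$SAMPLE_EXPOSED" | classify_named_listeners
```

A wildcard bind (0.0.0.0 or ::) is reported as exposed because it accepts traffic on every interface, not only the loopback one.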
