Is it a good idea to put a web server in a root jail? How would you go about doing that? On 10/25/05, Miskell, Craig <Craig.Miskell@xxxxxxxxxxxxxxxx> wrote: > > > > Anybody have any best practices/links to how to "lock down" RedHat? > > Serverices to consider shutting off from the default install, etc. > I've found the checklists and checking tools on www.cisecurity.org<http://www.cisecurity.org>to be > fairly good. The checking script gives a rating out of 10 as well, so > you've got a nice metric for your boss. If anything it's too paranoid > (e.g. it docks points for having a web-server installed, even if that's > the whole point of the server existing), and I wouldn't expect to ever > see a server get 10/10, due to operational requirements. However, it > does at least raise the possible issues and lets you decide whether the > tradeoff is worth it. > > As mentioned in other replies, it's still just a list of stuff that > "anybody who's done unix for a while knows", but it's nice to see it > written down, codified, and checked for. > > Craig > ======================================================================= > Attention: The information contained in this message and/or attachments > from AgResearch Limited is intended only for the persons or entities > to which it is addressed and may contain confidential and/or privileged > material. Any review, retransmission, dissemination or other use of, or > taking of any action in reliance upon, this information by persons or > entities other than the intended recipients is prohibited by AgResearch > Limited. If you have received this message in error, please notify the > sender immediately. > ======================================================================= > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subjecthttps://www.redhat.com/mailman/listinfo/redhat-list
