14 Nov
2002
14 Nov
'02
12:13 p.m.
On Wed, Nov 13, 2002 at 11:59:44AM +0100, Balazs Scheidler wrote:
On Wed, Nov 13, 2002 at 11:40:59AM +0100, Narancs wrote:
- Mivel és hogyan szoktátok az ntpd-t jailezni, erro"l van-e valami leírás valahol?
restrict-el szoktuk, ez a lenyeg:
export RESTRICT_UID=nobody export RESTRICT_GID=nogroup #export RESTRICT_GROUPS= #export RESTRICT_VERBOSE=1 export RESTRICT_CAPS=cap_sys_time,cap_net_bind_service,cap_sys_nice,cap_ipc_lock=pe export RESTRICT_CHROOT=/var/chroot/ntp/ export RESTRICT_FAKEUID=0
LD_PRELOAD=/usr/lib/librestrict.so /usr/sbin/ntpd
a jailen belul csak az ntp.cfg kell.
Meg /etc/hosts, /etc/resolv.conf es /etc/nsswitch.conf sem? Es /dev/null es /dev/log? Egy /tmp konyvtar? -- Udvozlettel Zsiga