Book: Fedora™ Unleashed, 2008 edition
UNIX Security Considerations
The most important step in securing any UNIX system is to configure the environment in which BIND runs so that it takes advantage of every security mechanism the operating system makes available. In short, this means that you should apply general security measures to your computer.
Run named with as few privileges as it needs to function. Do not run named as root. Even if an attacker manages to exploit a security hole in BIND, the effects of the break-in can be minimized if named is running as user nobody rather than as root. Of course, named has to be started as root because it needs to bind to port 53, but it can be instructed to switch to a given user and group with the -u and -g command-line options.
Starting named with a command such as named -u nobody -g nogroup is highly recommended. Remember, however, that if you run multiple services as nobody, you increase the risks of a compromise. In such a situation, it is best to create separate accounts for each service and use them for nothing else. Fedora runs named as the user named.
You can also use the chroot feature of UNIX to isolate named into its own part of the file system. If correctly configured, such a file system "jail" restricts attackers, if they manage to break in, to a part of the file system that contains little of value. It is important to remember that a chroot jail is not a panacea, and it does not eliminate the need for other defensive measures.
CAUTION
Programs that use chroot but do not take any other precautions have been shown to be insecure. BIND does take such additional precautions. See the chroot-BIND HOWTO at http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/Chroot-BIND-HOWTO.html.
For a chroot environment to work properly, you have to set up a directory that contains everything BIND needs to run. It is recommended that you start with a working configuration of BIND, create a directory, say /usr/local/bind, and copy over the files it needs into subdirectories under that one. For instance, you have to copy the binaries, some system libraries, the configuration files, and so on. Consult the BIND documentation for details about exactly which files you need.
When your chroot environment is set up, you can start named with the -t /usr/local/bind option (combined with the -u and -g options) to instruct it to chroot to the directory you have set up.
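The following script is an added example, not taken from the book or from the BIND project: it copies a binary and the shared libraries ldd reports for it into a jail directory at their original paths, and prints the hardened invocation described above. The jail path /usr/local/bind and the user and group name named are assumptions; configuration files, zone files, device nodes and the like still have to be copied by hand as the BIND documentation directs.

```shell
#!/bin/sh
# Populate a chroot jail for named with a binary and its shared libraries.
# Only binaries and libraries are handled here; named.conf, zone files,
# /dev/null and similar pieces must still be copied separately.
set -eu

# Copy one file into the jail at the same absolute path it has on the host.
jail_copy() {
    jail=$1; src=$2
    mkdir -p "$jail$(dirname "$src")"
    cp -p "$src" "$jail$src"
}

# Copy a binary plus every shared library ldd lists for it.
# ldd prints either "libfoo.so => /path/libfoo.so (addr)" or, for the
# dynamic loader, "/lib/ld-linux.so (addr)"; the vdso line has no path.
# A static binary, or a system without ldd, simply yields no libraries.
jail_install_binary() {
    jail=$1; bin=$2
    jail_copy "$jail" "$bin"
    ldd "$bin" 2>/dev/null |
        awk '/=>/ {print $3} /^[[:space:]]*\// {print $1}' |
        while read -r lib; do
            if [ -f "$lib" ]; then
                jail_copy "$jail" "$lib"
            fi
        done
}

# Print the invocation from the text: drop privileges to an unprivileged
# user and group, and chroot into the jail (assumed names/paths).
named_cmdline() {
    jail=$1; user=$2; group=$3
    printf 'named -u %s -g %s -t %s\n' "$user" "$group" "$jail"
}
```

Run jail_install_binary /usr/local/bind /usr/sbin/named as root on the host, then start the daemon with the line named_cmdline prints.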
You might also want to check your logs and keep track of resource usage. named manages a cache of DNS data that can potentially grow very large; it can also consume large amounts of CPU and bandwidth, making your server unusable. This is something that can be exploited by clever attackers, but you can configure BIND to set resource limits. Several such options are available in the named.conf file, including datasize, which limits the maximum size of the data segment and, therefore, the cache. One downside of this approach is that named might be killed by the kernel if it exceeds these limits, meaning that you have to run it in a loop that restarts it if it dies or run it from /etc/inittab.