[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: bind9-chroot (was: questions on ITP)

also sprach Tollef Fog Heen (on Wed, 26 Sep 2001 10:25:15AM +0200):
> The right way is, imho, the way postfix deals with it.  It took quite
> some time before I discovered it chrooted itself.

i disagree stronlgy mainly because of things like tripwire, which i
think should be scanning *everything* but a small list of exceptions
- not a list of things to scan and to ignore all rest.
/var/spool/postfix contains some very important files that (a) affect
the way postfix is working and how secure it is, and (b) are static
files in that they don't change between boots. therefore, you tripwire
them -- which is useless if every restart of postfix causes tripwire
to bitch.

martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck

Attachment: pgpOn87SCaPZe.pgp
Description: PGP signature

Reply to: