[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: setting up chroot jail for ssh

You do realize that a skillfull attacker WILL break out of an average
chroot jail, dont' you? I would HIGLY recommend grcecurity patch
(http://grsecurity.org/) to harden it.

Also, since you mention your friends will be {up,down}loading music -
most likely they have broadband. If that's the case most likely their
IP will be almost static. I know, I know, too many assuptions. I judge
by my comcast connection - even though I have a dynamic address, it's
been the same for many months. Anyway, if all of that true for your
friends as well, you can punch your firewall only for their IPs and
only for ftp ports. You do use firewall, right?


Reply to: