Diffstat (limited to 'doc/arm/Bv9ARM.ch07.html')
-rw-r--r-- doc/arm/Bv9ARM.ch07.html 44
1 files changed, 22 insertions, 22 deletions
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index 14ae9f1c..78228606 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -14,12 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch07.html,v 1.75.18.47 2006/05/17 02:38:43 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch07.html,v 1.75.18.49 2006/06/29 13:03:03 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter 7. BIND 9 Security Considerations</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch06.html" title="Chapter 6. BIND 9 Configuration Reference">
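Review bot: the $Id keyword and the generator meta (DocBook XSL Stylesheets V1.69.1 to V1.70.1) in this hunk show the file is stylesheet output checked into the tree, so the span-to-acronym and anchor-id lines elsewhere in the diff are regeneration churn mixed in with real wording edits. Consider stating the stylesheet upgrade in the commit message, or committing the regeneration separately from the text changes (the DoS expansion, the chroot() wording), so the content edits can be reviewed on their own.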
@@ -28,7 +28,7 @@
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="navheader">
<table width="100%" summary="Navigation header">
-<tr><th colspan="3" align="center">Chapter 7. <span class="acronym">BIND</span> 9 Security Considerations</th></tr>
+<tr><th colspan="3" align="center">Chapter 7. <acronym class="acronym">BIND</acronym> 9 Security Considerations</th></tr>
<tr>
<td width="20%" align="left">
<a accesskey="p" href="Bv9ARM.ch06.html">Prev</a> </td>
@@ -41,15 +41,15 @@
</div>
<div class="chapter" lang="en">
<div class="titlepage"><div><div><h2 class="title">
-<a name="Bv9ARM.ch07"></a>Chapter 7. <span class="acronym">BIND</span> 9 Security Considerations</h2></div></div></div>
+<a name="Bv9ARM.ch07"></a>Chapter 7. <acronym class="acronym">BIND</acronym> 9 Security Considerations</h2></div></div></div>
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2573323"><span><strong class="command">chroot</strong></span> and <span><strong class="command">setuid</strong></span></a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2597836"><span><strong class="command">chroot</strong></span> and <span><strong class="command">setuid</strong></span></a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2573399">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2573459">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2597981">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2598041">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl>
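Review bot: the three TOC links for the chroot and setuid sections change from id2573323, id2573399 and id2573459 to id2597836, id2597981 and id2598041, so any existing deep link to those sections stops resolving after this regeneration. The neighbouring entries, Access_Control_Lists and dynamic_update_security, keep stable anchors; giving the chroot/setuid sections explicit ids in the source would make their anchors stable in the same way.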
@@ -72,7 +72,7 @@
<p>
It is a <span class="emphasis"><em>good idea</em></span> to use ACLs, and to
control access to your server. Limiting access to your server by
- outside parties can help prevent spoofing and DoS attacks against
+ outside parties can help prevent spoofing and denial of service (DoS) attacks against
your server.
</p>
<p>
@@ -118,21 +118,21 @@ zone "example.com" {
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2573323"></a><span><strong class="command">chroot</strong></span> and <span><strong class="command">setuid</strong></span></h2></div></div></div>
+<a name="id2597836"></a><span><strong class="command">chroot</strong></span> and <span><strong class="command">setuid</strong></span></h2></div></div></div>
<p>
- On UNIX servers, it is possible to run <span class="acronym">BIND</span> in a <span class="emphasis"><em>chrooted</em></span> environment
- (<span><strong class="command">chroot()</strong></span>) by specifying the "<code class="option">-t</code>"
- option. This can help improve system security by placing <span class="acronym">BIND</span> in
+ On UNIX servers, it is possible to run <acronym class="acronym">BIND</acronym> in a <span class="emphasis"><em>chrooted</em></span> environment
+ (using the <span><strong class="command">chroot()</strong></span> function) by specifying the "<code class="option">-t</code>"
+ option. This can help improve system security by placing <acronym class="acronym">BIND</acronym> in
a "sandbox", which will limit the damage done if a server is
compromised.
</p>
<p>
- Another useful feature in the UNIX version of <span class="acronym">BIND</span> is the
+ Another useful feature in the UNIX version of <acronym class="acronym">BIND</acronym> is the
ability to run the daemon as an unprivileged user ( <code class="option">-u</code> <em class="replaceable"><code>user</code></em> ).
We suggest running as an unprivileged user when using the <span><strong class="command">chroot</strong></span> feature.
</p>
<p>
- Here is an example command line to load <span class="acronym">BIND</span> in a <span><strong class="command">chroot()</strong></span> sandbox,
+ Here is an example command line to load <acronym class="acronym">BIND</acronym> in a <span><strong class="command">chroot</strong></span> sandbox,
<span><strong class="command">/var/named</strong></span>, and to run <span><strong class="command">named</strong></span> <span><strong class="command">setuid</strong></span> to
user 202:
</p>
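Review bot: in the example-command paragraph at the end of this hunk, /var/named is still marked up as strong class="command", while the following section marks the same path as code class="filename". Since the paragraph is already being edited (chroot() to chroot), switch the path to the filename markup so the directory is not presented as a command.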
@@ -141,15 +141,15 @@ zone "example.com" {
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2573399"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
+<a name="id2597981"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
<p>
In order for a <span><strong class="command">chroot</strong></span> environment
to
work properly in a particular directory
(for example, <code class="filename">/var/named</code>),
you will need to set up an environment that includes everything
- <span class="acronym">BIND</span> needs to run.
- From <span class="acronym">BIND</span>'s point of view, <code class="filename">/var/named</code> is
+ <acronym class="acronym">BIND</acronym> needs to run.
+ From <acronym class="acronym">BIND</acronym>'s point of view, <code class="filename">/var/named</code> is
the root of the filesystem. You will need to adjust the values of
options like
like <span><strong class="command">directory</strong></span> and <span><strong class="command">pid-file</strong></span> to account
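Review bot: the unchanged context at the end of this hunk still reads "options like" followed by "like directory and pid-file", a duplicated word in the same paragraph this patch touches. Drop the second "like" in the source so the regenerated page reads "options like directory and pid-file".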
@@ -169,7 +169,7 @@ zone "example.com" {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2573459"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
+<a name="id2598041"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
<p>
Prior to running the <span><strong class="command">named</strong></span> daemon,
use
@@ -178,7 +178,7 @@ zone "example.com" {
modification times) or the <span><strong class="command">chown</strong></span>
utility (to
set the user id and/or group id) on files
- to which you want <span class="acronym">BIND</span>
+ to which you want <acronym class="acronym">BIND</acronym>
to write.
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
@@ -195,7 +195,7 @@ zone "example.com" {
<p>
Access to the dynamic
update facility should be strictly limited. In earlier versions of
- <span class="acronym">BIND</span> the only way to do this was
+ <acronym class="acronym">BIND</acronym>, the only way to do this was
based on the IP
address of the host requesting the update, by listing an IP address
or
@@ -222,7 +222,7 @@ zone "example.com" {
option can be used.
</p>
<p>
- Some sites choose to keep all dynamically updated DNS data
+ Some sites choose to keep all dynamically-updated DNS data
in a subdomain and delegate that subdomain to a separate zone. This
way, the top-level zone containing critical data such as the IP
addresses
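Review bot: the change from "dynamically updated DNS data" to "dynamically-updated DNS data" adds a hyphen after an -ly adverb, which standard usage leaves open; the original form was the correct one. Suggest reverting this line to "dynamically updated".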
@@ -242,7 +242,7 @@ zone "example.com" {
</td>
</tr>
<tr>
-<td width="40%" align="left" valign="top">Chapter 6. <span class="acronym">BIND</span> 9 Configuration Reference </td>
+<td width="40%" align="left" valign="top">Chapter 6. <acronym class="acronym">BIND</acronym> 9 Configuration Reference </td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top"> Chapter 8. Troubleshooting</td>
</tr>