Why is named started, but not being used?
sgrubb at redhat.com
Mon Nov 19 13:51:32 UTC 2007
On Sunday 18 November 2007 09:07:40 pm Neal Becker wrote:
> >> named 2794 0.0 0.5 131440 10568 ? Ssl Nov16
> >> 0:00 /usr/sbin/named -u named -D -t /var/named/chroot
> >> Well, someone started named!
named is one of those apps that is always suggested to be started chrooted.
This is because it's historically been vulnerable to attack. I'd like to see
more about its actual configuration before deciding if NM has created a
security hole. Sure, we have selinux to help keep a handle on what an
attacker can do, but some people turn selinux off and we need to offer the
best protection we can for them.
Does "netstat -taunp | grep named" show it listening on localhost, or does it
show it being exposed? Does NM have a config option to disable using named
for the security minded people? Is named chrooted? Is it set to be a
non-authoritative server? Does the config follow best practices for a locked
down system? Need to see the config for that.
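The two quickest checks from the questions above (is named listening only on localhost, and is it chrooted?) can be scripted. The following is an added example, not part of the original mail or of the Fedora/NM packaging: it parses `netstat -taunp` style output for named sockets bound to non-loopback addresses, and looks for the `-t` chroot flag on the named command line. The netstat lines below are constructed sample data; on a live box you would feed in the real `netstat -taunp` output and the `ps` command line instead.

```shell
#!/bin/sh
# Added example (not from the original mail). Sample netstat output is
# constructed to look like "netstat -taunp" on a Fedora 8 box running named.
NETSTAT_SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      2794/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           2794/named
udp        0      0 0.0.0.0:53              0.0.0.0:*                           2794/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      2794/named'

# named_exposed_listeners NETSTAT_OUTPUT
# Prints "proto local_address" for every named socket that is bound to a
# non-loopback address (0.0.0.0, ::, or a real interface address). Only rows
# whose foreign address is a wildcard (":*") are considered, so established
# outbound connections made by named are ignored. Empty output means named
# is only reachable from localhost.
named_exposed_listeners() {
    printf '%s\n' "$1" | awk '
        $NF ~ /\/named$/ && $5 ~ /:\*$/ {
            addr = $4
            sub(/:[0-9]+$/, "", addr)        # strip the port: "0.0.0.0:53" -> "0.0.0.0"
            if (addr !~ /^127\./ && addr != "::1")
                print $1, $4
        }'
}

# named_is_chrooted NAMED_CMDLINE
# Returns 0 when the named command line carries the "-t <dir>" chroot option
# (as in "/usr/sbin/named -u named -D -t /var/named/chroot"), 1 otherwise.
named_is_chrooted() {
    case " $1 " in
        *" -t "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Usage on a live system (not run here):
#   named_exposed_listeners "$(netstat -taunp 2>/dev/null)"
#   named_is_chrooted "$(ps -o args= -C named)"
if [ -z "$(named_exposed_listeners "$NETSTAT_SAMPLE")" ]; then
    echo "named: listening on localhost only"
else
    echo "named: exposed listeners found:"
    named_exposed_listeners "$NETSTAT_SAMPLE"
fi
```

In the constructed sample only the UDP socket on 0.0.0.0:53 is reported; the 127.0.0.1 sockets (including the rndc control port 953) are treated as local. Note that an empty result still says nothing about whether named answers recursive queries for outsiders; that depends on the `listen-on`/`allow-recursion` settings in named.conf, which is why the mail asks to see the config as well.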