| The name server, "named", usually runs with privileged access. This allows "named" to function correctly, but increases the security risk if any vulnerabilities are found. We can decrease this risk by running "named" as a non-privileged user and by putting its files in a restricted file system (called a chroot jail).
NOTE: If a security vulnerability is found in one of the files that has been placed inside of the "chroot jail" then that file must be manually patched by copying the fixed file(s) into the jail.
For security reasons, it would be ideal to restrict every process which is listening to untrusted data as much as possible. This is especially true of network daemons, such as bind. If a vulnerability is found in the daemon, then a chroot jail will contain any intrusions. Only a root process can break out of a chroot jail, so Bastille will ensure that "named" is not running as root. A successful attack on "named" in a chroot jail running as a non-privileged user will allow the attacker to modify only files owned or writeable by that non-privileged user and protect the rest of the system.
HP-UX Note: The general structure of the jail will be created but several entries will be added to Bastille's generated TODO list which require MANUAL ACTION on your part. (HP-UX does not ship with a name server configured by default, so much of this depends on how your system's name server is configured.)
(MANUAL ACTION REQUIRED TO COMPLETE THIS CONFIGURATION, see TODO list for details) |