
Securing-Optimizing-RH-Linux-1_2_241
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®

'DESTRUN=/var/run'
'DESTLIB=/usr/lib/bind/lib'
'DESTINC=/usr/lib/bind/include'
'LEX=flex -8 -I'
'YACC=yacc -d'
'SYSLIBS=-lfl'
'INSTALL=install'
'MANDIR=man'
'MANROFF=cat'
'CATEXT=$$N'
'PS=ps -p'
'AR=ar crus'
'RANLIB=:'

[root@deep src]# rm -f .settings
[root@deep src]# make clean
[root@deep src]# make
[root@deep src]# cp bin/named/named /chroot/named/usr/sbin
cp: overwrite `/chroot/named/usr/sbin/named'? y
[root@deep src]# cp bin/named-xfer/named-xfer /chroot/named/usr/sbin
cp: overwrite `/chroot/named/usr/sbin/named-xfer'? y
[root@deep src]# strip /chroot/named/usr/sbin/named
[root@deep src]# strip /chroot/named/usr/sbin/named-xfer

We remove the “.settings” file because the build system caches these variables, and we run the “make clean” command to be sure no stale files are left lying about. We then build the “named” binary and copy it, together with “named-xfer”, into the chrooted jail directory. We also use the “strip” command to improve the performance of the new binaries.

Step 11
Remove the unnecessary files and directory.

[root@deep /]# rm -f /usr/sbin/named
[root@deep /]# rm -f /usr/sbin/named-xfer
[root@deep /]# rm -f /etc/named.conf
[root@deep /]# rm -rf /var/named/

We remove the “named” and “named-xfer” binaries from the “/usr/sbin” directory, since the ones we will use from now on are located under the chroot directory. The same applies to the “named.conf” file and the “/var/named” directory.

Step 12
We must test the new chrooted jail configuration of our BIND/DNS software.
· The first thing to do is to restart our syslogd daemon with the following command:
[root@deep /]# /etc/rc.d/init.d/syslog restart
Shutting down kernel logger:                                 [  OK  ]
Shutting down system logger:                                 [  OK  ]
Starting system logger:                                      [  OK  ]
Starting kernel logger:                                      [  OK  ]

· Now, start the new chrooted jail BIND/DNS with the following command:
[root@deep /]# /etc/rc.d/init.d/named start
Starting named:                                              [  OK  ]

Make sure it's running as user “named” and with the new arguments.
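
The checks that Steps 11 and 12 call for can be scripted. The following is an added example, not part of the book: it assumes the “new arguments” are BIND 8's -u named -g named -t /chroot/named, which this page does not list, and its ps sample is constructed.

```shell
#!/bin/sh
# Added example (not from the book): post-install checks for the chrooted named.
# ASSUMPTION: the "new arguments" are BIND 8's -u named -g named -t /chroot/named.
JAIL=/chroot/named

# check_layout ROOT: the jail binaries exist and are executable, and the
# copies removed in Step 11 are really gone. ROOT is "" on a live system;
# a scratch directory can be passed for a dry run.
check_layout() {
    root=$1; rc=0
    for f in usr/sbin/named usr/sbin/named-xfer; do
        if [ ! -x "$root$JAIL/$f" ]; then
            echo "FAIL: not executable in jail: $JAIL/$f"; rc=1
        fi
    done
    for f in usr/sbin/named usr/sbin/named-xfer etc/named.conf var/named; do
        if [ -e "$root/$f" ]; then
            echo "FAIL: still present outside jail: /$f"; rc=1
        fi
    done
    return $rc
}

# check_process: reads "USER COMMAND ARGS..." lines on stdin, as printed by
# `ps -eo user=,args=`, and fails unless every named process runs as user
# "named" with -u named and -t $JAIL on its command line.
check_process() {
    awk -v jail="$JAIL" '
        $2 ~ /(^|\/)named$/ {
            seen = 1; line = $0 " "
            if ($1 != "named")                 { print "FAIL: runs as " $1; bad = 1 }
            if (!index(line, " -u named "))    { print "FAIL: no -u named"; bad = 1 }
            if (!index(line, " -t " jail " ")) { print "FAIL: no -t " jail; bad = 1 }
        }
        END { if (!seen) { print "FAIL: named is not running"; bad = 1 }
              exit bad + 0 }'
}

# Constructed sample of ps output, for illustration only.
SAMPLE_PS='root   syslogd -m 0
named  named -u named -g named -t /chroot/named'

printf '%s\n' "$SAMPLE_PS" | check_process && echo "sample ps output: OK"
# On the server itself:
#   check_layout "" && ps -eo user=,args= | check_process
```

A named process that still runs as root, or that was started without -t, makes check_process exit non-zero, so the script can gate a deployment or run from cron.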