Hi, > Benjamin Schuele wrote: > > I would like to initiate a discussion about LIDS and chroot to setup a > secure server.
i prefer the solution to use chroot _with_ LIDS. Make everything you would do without chroot and chroot the process (e.g. bind, apache, etc.). Remove the CAP_SYS_CHROOT from _every_ binary within the chroot, only programs outside the chroot should have them. Well, i think the solution depends on you paranoia level ;) Regards, Ralf Dreibrodt -- Mesos Telefon 49 221 4855798-1 Eupener Str. 150 Fax 49 221 4855798-9 50933 Koeln Mail [EMAIL PROTECTED]
