Re: Chrooted mysqld sock file problem

2002-10-31 Thread marcel
--On Wednesday, 30 October 2002 15:24 +0100 Domonkos Czinke
<[EMAIL PROTECTED]> wrote:

> Hi ppl :)
>
> My question is related to a chrooted Apache(+php) and Mysql. They live
> in two different chrooted environments and the problem is that I have
> several php programs which wanna use the mysql, but they can't use it
> since they can't find the mysql.sock file (because it is in another
> chroot), any idea to use apache+mysql in different chroot ? :)

Similar problem with chrooted Postfix.
Needs a hard link under the faked root tree.
But whenever you restart MySQL the hardlink
breaks. Any hints apart from patching the
init script to set/restore the hardlink?

Cheers, Marcel



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
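
Why the hard link mentioned in the message above stops working after a restart, as an added example that is not part of the original thread: a hard link names an inode, and a daemon that removes and re-binds its socket file gets a new inode, so the link inside the other jail still points at the old, dead socket. The directory layout and function names are constructed for the demonstration; it assumes the daemon unlinks and re-creates its socket on start and that both trees are on one filesystem (a requirement for hard links).

```python
import os
import socket
import tempfile


def start_daemon(sock_path):
    """Stand-in for a daemon start: drop any stale socket, bind a fresh one."""
    if os.path.exists(sock_path):
        os.unlink(sock_path)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)  # bind() always creates a new inode
    srv.listen(1)
    return srv


def can_connect(path):
    """True if connecting through this file name reaches a listener."""
    cli = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        cli.connect(path)
        return True
    except OSError:  # e.g. ECONNREFUSED: nothing listens on that inode
        return False
    finally:
        cli.close()


def demo():
    """Return (link_works_before, link_works_after, same_inode_after)."""
    with tempfile.TemporaryDirectory() as top:
        # Constructed layout: two "jails" on one filesystem.
        db_sock = os.path.join(top, "db", "mysql.sock")
        web_sock = os.path.join(top, "web", "mysql.sock")
        os.makedirs(os.path.dirname(db_sock))
        os.makedirs(os.path.dirname(web_sock))
        srv = start_daemon(db_sock)
        os.link(db_sock, web_sock)  # the hard-link workaround
        before = can_connect(web_sock)
        srv.close()  # restart: stop ...
        srv = start_daemon(db_sock)  # ... and start again
        after = can_connect(web_sock)
        same = os.stat(db_sock).st_ino == os.stat(web_sock).st_ino
        srv.close()
        return before, after, same


if __name__ == "__main__":
    print(demo())
```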




Re: Encrypting/emailing logs and configs

2002-10-31 Thread Volker Tanger

Greetings!

Sean McAvoy wrote:

> I was looking at configuring a few of my VPN/Firewall systems to send me
> daily backups of vital config files, and selected log files. I was
> wondering what would be the easiest method of accomplishing this? I was
> thinking something along the lines of just tar/bzip and then gpg to
> encrypt. What other possibilities are there? And has anyone else set up
> something similar?

If you don't have the space/equipment/systems/security to use rsync via
ssh (as suggested a number of times already), tar and gpg just do fine.
bzip2 is not really necessary as gpg compresses the input by default
(okay rate, comparable to gzip).


Advantage of tar+gpg+mail is that you don't have DSA keys to your 
machines lying around on your management system as you will have with 
rsync over ssh. If you want to use rsync/ssh you should really lock down 
and protect your management system. For the tar+gpg+mail solution 
(nearly) any client PC will do - as long as you don't unpack the mails 
and keep your GPG keyring safe...


Bye

Volker Tanger
IT-Security Consulting

--
discon gmbh
Wrangelstraße 100
D-10997 Berlin

fon+49 30 6104-3307
fax+49 30 6104-3461

[EMAIL PROTECTED]
http://www.discon.de/




Re: questions about chrooting bind 8.3.3

2002-10-31 Thread Javier Fernández-Sanguino Peña
On Wed, Oct 30, 2002 at 11:43:28PM +0100, J.J. van Gorkum wrote:
> 
> Maybe I'm too much an old school admin but 'they' always told me to
> move all the libraries into the chroot environment (no symlinks
> whatsoever) and even (if possible) move the whole chroot environment
> onto a special (read-only) filesystem...

Then you might like the 'makejail' method best. See
http://www.debian.org/doc/manuals/securing-debian-howto/ap-chroot-ssh-env.en.html

Talks about sshd, but the switch to bind is just as easy.

> 
> In my second example when I start the named daemon without the -t option
> and use the (buggy) start-stop-daemon --chroot option the libraries are
> used from the chroot environment. That was my point -- and it seems that
> the 'standard' debian method of using a chroot environment (the link
> from my original post) is moving the libraries into the chroot
> environment and not using them.

Standard? There is no such thing as a standard Debian method of
setting up a chroot environment. Although we might need to write/implement
one down... 

Javi




Re: Encrypting/emailing logs and configs

2002-10-31 Thread Phillip Hofmeister
Greets,

On Wed, 30 Oct 2002 at 01:07:31PM -0500, Sean McAvoy wrote:
> I was looking at configuring a few of my VPN/Firewall systems to send me
> daily backups of vital config files, and selected log files. I was
> wondering what would be the easiest method of accomplishing this? I was
> thinking something along the lines of just tar/bzip and then gpg to
> encrypt. What other possibilities are there? And has anyone else set up
> something similar?

Round about way...but set up IPSec and FTP them over the IPSec
tunnel...or there is always SCP w/ keys w/o passphrases.  You trap the
SSH in a chroot jail at the receiving end...



-- 
Phil

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import

XP Source Code:

#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
//os_ver="Windows 2000"
os_ver="Windows XP"
--
Excuse #41: Bank holiday - system operating credits not recharged 


