Maintain chroot

A compromised chroot environment is much easier to recover than a compromised host. A tarball of the directory is all that is necessary to rebuild the chroot structure. Make sure to use the --preserve option when creating the initial tarball. This is perhaps the easiest way to back up and recover the chroot directory.

 # tar czvfp chroot.tar.gz /opt/chroot 

chroot also lowers the number of logs, users, and processes that must be monitored . Although the initial creation of a chroot environment requires a lot of effort, ongoing administration is actually improved.

The administration of a chroot environment is no different from that of a service installed normally. As you define policies for the configuration, logging, and patching of services on the operating system, make sure to include specific policies for the chroot services.

Hardening Linux
Hardening Linux
ISBN: 0072254971
EAN: 2147483647
Year: 2004
Pages: 113

Similar book on Amazon © 2008-2017.
If you may any questions please contact us: