
BLU Discuss list archive



[MLUG] Re: Security: Libsafe



Mark Donnelly <gimli at offcenter.org> writes:

> Mind you, I'd be all for killing everything that is 
> automatically respawned.  Things like ftpd or getty 
> would be fine.  However, the fear of losing my services 
> like SMTP and HTTP brings me to avoid installing this 
> library.  (which is too bad, because I *love* the 
> idea!)  If I could control which behaviour happens to 
> which programs, I'd leave the default to kill and make 
> a couple of exceptions for my "must-be-up" services.  

For SMTP, you could try running SMAP, an SMTP proxy. SMAP runs chrooted
as a non-privileged user, and is meant to be used instead of a sendmail
daemon. SMAP queues incoming mail to its chrooted directory, and then
the smapd daemon periodically scans that queue and passes the waiting
mail to a new instance of sendmail. I believe smap can be run from inetd.

For HTTP, it should be simple enough to write a watchdog script to run 
out of cron, that checks that apache is up and restarts it if it isn't.
Another option is to run something like BigBrother or MON, and have it
page you if the service is down.


--
John Abreau / Executive Director, Boston Linux & Unix 
Email: jabr at blu.org / URL: http://www.blu.org
ICQ#28611923 / AIM abreauj
-----------------------------------------------------------------------
"Working with NT is like trying to tune a watch wearing oven mitts.
 You can't get your fingers inside like you can with UNIX.
-----------------------------------------------------------------------
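
The cron watchdog suggested in the message above, as an added example that is not part of the original post. The PID file path, the `apachectl start` command, the lock directory and the install name `apache-watchdog` are assumptions to adjust locally.

```shell
#!/bin/sh
# Added example: Apache watchdog for cron. All paths and commands below are
# assumptions; adjust them to the local installation.
PIDFILE="${PIDFILE:-/var/run/httpd.pid}"
RESTART_CMD="${RESTART_CMD:-apachectl start}"
LOCKDIR="${LOCKDIR:-/var/run/apache-watchdog.lock}"
LOGGER="${LOGGER:-logger -t apache-watchdog -p daemon.warning}"
SETTLE="${SETTLE:-5}"   # seconds to wait before re-checking after a start

# Succeeds only if the PID file holds a number that names a live process.
# kill -0 sends no signal; run as root so another user's PID is not refused.
apache_is_up() {
    [ -r "$PIDFILE" ] || return 1
    pid=$(cat "$PIDFILE" 2>/dev/null)
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;    # empty or corrupt PID file counts as down
    esac
    kill -0 "$pid" 2>/dev/null
}

# One check. Prints up, restarted, failed or locked; non-zero status on failed.
watchdog_run() {
    # mkdir is atomic, so two overlapping cron runs cannot both start Apache.
    mkdir "$LOCKDIR" 2>/dev/null || { echo locked; return 0; }
    if apache_is_up; then
        result=up
    else
        # Log every restart: a daemon that keeps dying under Libsafe may
        # indicate overflow attempts and should be looked at.
        $LOGGER "httpd not running, attempting restart"
        if $RESTART_CMD >/dev/null 2>&1 && sleep "$SETTLE" && apache_is_up; then
            result=restarted
        else
            result=failed
            $LOGGER "httpd restart failed"
        fi
    fi
    rmdir "$LOCKDIR"
    echo "$result"
    [ "$result" != failed ]
}

# Run only when installed under its own name, e.g. from root's crontab:
#   */5 * * * * /usr/local/sbin/apache-watchdog >/dev/null
case "$0" in
    *apache-watchdog*) watchdog_run ;;
esac
```

If the script is killed between `mkdir` and `rmdir`, the lock directory stays behind and must be removed by hand before the watchdog will act again.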






BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
