If the DNS name service daemon (named) runs in a chroot jail, any hacker that enters your system via a BIND exploit is isolated to the files under the chroot jail directory. Installing the bind-chroot package creates the /var/named/chroot directory, which becomes the chroot jail for all BIND files.

You can configure the vsftpd FTP server to automatically start chroot jails for clients. By default, anonymous users are placed in a chroot jail. However, local users that access a vsftpd FTP server are placed in their home directory. Specify the chroot_local_user=YES option in the /etc/vsftpd/vsftpd.conf file to place local users in a chroot jail based on their home directory.
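
The following added example (not part of the original page or of vsftpd) audits a vsftpd configuration file and reports whether local users end up in a chroot jail. It goes beyond the text by also reading chroot_list_enable, a vsftpd option that turns the list file into an exemption list when chroot_local_user=YES. The function names are hypothetical, the sample configuration is constructed, and the sketch assumes that the last assignment of an option wins.

```shell
#!/bin/sh
# Added example: report the effective chroot policy for local vsftpd users.

# Print the effective value of one option, or the default if it is unset.
# $1 = config file, $2 = option name, $3 = default value
# Assumption: when an option is assigned more than once, the last one wins.
vsftpd_opt() {
    awk -F= -v k="$2" -v d="$3" '
        /^[[:space:]]*#/ { next }            # skip comment lines
        $1 == k { v = toupper($2); sub(/[[:space:]]+$/, "", v) }
        END { print (v == "" ? d : v) }
    ' "$1"
}

# Classify the jail policy for local users.
# Only the literal value YES (any case) counts as enabled in this sketch,
# so anything else is reported as the less safe state.
vsftpd_local_chroot_state() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    jail=$(vsftpd_opt "$conf" chroot_local_user NO)
    list=$(vsftpd_opt "$conf" chroot_list_enable NO)
    case "$jail/$list" in
        YES/YES) echo "jailed-except-listed" ;;  # list file names exempt users
        YES/*)   echo "all-jailed" ;;            # every local user is jailed
        */YES)   echo "only-listed-jailed" ;;    # only users in the list file
        *)       echo "not-jailed" ;;            # local users can leave $HOME
    esac
}

# Constructed sample configuration (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
local_enable=YES
#chroot_local_user=NO
chroot_local_user=YES
chroot_list_enable=YES
EOF
echo "sample: $(vsftpd_local_chroot_state "$sample")"
rm -f "$sample"
```

A result of jailed-except-listed means the chroot list file should be reviewed, because every user named in it is exempt from the jail.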