Comments on: Named’s working directory not writeable http://famousphil.com/blog/2010/04/nameds-working-directory-not-writeable/ My Personal Blog Wed, 02 May 2012 12:08:41 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: Famous Phil http://famousphil.com/blog/2010/04/nameds-working-directory-not-writeable/comment-page-1/#comment-1332 Famous Phil Thu, 19 Aug 2010 16:53:53 +0000 http://famousphil.com/?p=449#comment-1332 That is a good point that I probably should have covered. It does make my system less secure, but it does get rid of the errors that I have to read through in the logs. I believe I am one of the few admins that actually cares enough to read through logs entirely without parsers and it takes a lot of time to do. It also helps me optimize everything. Because of the time I spend reading through errors like this, I don't really mind having a slightly more insecure system because I have full system backups, I limit user access, and I monitor for any modifications to files that are not within the /home directory. So even if an exploit was discovered before I knew about it (it has happened once in the past 5 years), I'd still have everything repaired within 30 minutes of the initial exploit into my system. That is a good point that I probably should have covered. It does make my system less secure, but it does get rid of the errors that I have to read through in the logs. I believe I am one of the few admins that actually cares enough to read through logs entirely without parsers and it takes a lot of time to do. It also helps me optimize everything.

Because of the time I spend reading through errors like this, I don’t really mind having a slightly more insecure system because I have full system backups, I limit user access, and I monitor for any modifications to files that are not within the /home directory. So even if an exploit was discovered before I knew about it (it has happened once in the past 5 years), I’d still have everything repaired within 30 minutes of the initial exploit into my system.

]]> By: Lloyd Kvam http://famousphil.com/blog/2010/04/nameds-working-directory-not-writeable/comment-page-1/#comment-1330 Lloyd Kvam Thu, 19 Aug 2010 13:35:34 +0000 http://famousphil.com/?p=449#comment-1330 Are you sure that you really *want* named to be able to write to that directory? Doesn't that allow exploits to wipe out your configuration and insert their own bogus configuration? I realize your change gets rid of the log messages. However, I think the "fix" makes your system less secure. Are you sure that you really *want* named to be able to write to that directory? Doesn’t that allow exploits to wipe out your configuration and insert their own bogus configuration?

I realize your change gets rid of the log messages. However, I think the “fix” makes your system less secure.

]]>