[MLUG] Re: Security: Libsafe
John Abreau
jabr at blu.org
Fri Apr 21 15:28:34 EDT 2000
Mark Donnelly <gimli at offcenter.org> writes:
> Mind you, I'd be all for killing everything that is
> automatically respawned. Things like ftpd or getty
> would be fine. However, the fear of losing my services
> like SMTP and HTTP brings me to avoid installing this
> library. (which is too bad, because I *love* the
> idea!) If I could control which behaviour happens to
> which programs, I'd leave the default to kill and make
> a couple of exceptions for my "must-be-up" services.

For SMTP, you could try running SMAP, an smtp proxy. SMAP runs chrooted
as a non-privileged user, and is meant to be used instead of a sendmail
daemon. SMAP queues incoming mail to its chrooted directory, and then
the smapd daemon periodically scans that queue and passes the waiting
mail to a new instance of sendmail. I believe smap can be run from inetd.

For HTTP, it should be simple enough to write a watchdog script to run
out of cron, that checks that apache is up and restarts it if it isn't.

Another option is to run something like BigBrother or MON, and have it
page you if the service is down.

--
John Abreau / Executive Director, Boston Linux & Unix
Email: jabr at blu.org / URL: http://www.blu.org
ICQ#28611923 / AIM abreauj
-----------------------------------------------------------------------
"Working with NT is like trying to tune a watch wearing oven mitts.
You can't get your fingers inside like you can with UNIX.
-----------------------------------------------------------------------
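
The cron watchdog suggested above for HTTP, as an added example that is not part of the original message. The pidfile path, the `apachectl start` restart command, the state file, the install path in the crontab comment and the restart limit are assumptions; the limit makes the script stop and complain after a few consecutive restarts that fail to bring the daemon back, instead of retrying silently forever.

```shell
#!/bin/sh
# Added example: cron watchdog for a "must-be-up" daemon.
# All four settings below are assumed values; adjust them for your system.
PIDFILE="${PIDFILE:-/var/run/httpd.pid}"
RESTART_CMD="${RESTART_CMD:-apachectl start}"
STATE="${STATE:-/var/run/httpd-watchdog.count}"
MAX_RESTARTS="${MAX_RESTARTS:-3}"   # consecutive failed restarts before giving up

# Return 0 if the pidfile names a live process, 1 otherwise.
service_is_up() {
    [ -r "$PIDFILE" ] || return 1
    pid=$(cat "$PIDFILE" 2>/dev/null)
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac   # empty or non-numeric pidfile
    kill -0 "$pid" 2>/dev/null                     # signal 0: existence check only
}

# cron mails anything a job prints to the crontab owner, so stderr is the alert.
note() {
    echo "watchdog: $1" >&2
}

# One watchdog pass. Returns 0 = up, 1 = restart attempted, 2 = limit reached.
watchdog_pass() {
    if service_is_up; then
        rm -f "$STATE"          # healthy again: reset the failure counter
        return 0
    fi
    count=$(cat "$STATE" 2>/dev/null || echo 0)
    if [ "$count" -ge "$MAX_RESTARTS" ]; then
        note "still down after $count restart attempts; not retrying, investigate"
        return 2
    fi
    echo $((count + 1)) > "$STATE"
    note "service down, restart attempt $((count + 1))"
    $RESTART_CMD
    return 1
}

# crontab entry (assumed install path):
#   */5 * * * * /usr/local/sbin/httpd-watchdog run
if [ "${1:-}" = "run" ]; then watchdog_pass; fi
```
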