Contents:

Securing Network Services

• Wrap Your Services: inetd, xinetd
• Chrooting
• Breaking Out of and Securing Chroot Jails
• Chrooting Your Users (and/or SSHD)

Proxies

• Application-Level Proxies
• SOCKS

Specific Examples

• Email
• YP/NIS
• RPC, Portmap and NFS
• Apache: modsecurity
• FTP Servers

---

About this document

Unix and Linux Security: An Introduction — Securing Network Services

Back up to Unix and Linux Sec: An Intro

This section focuses on means — other than packet filters, stateful firewalls and router-level access-control lists — to help secure network-related daemons. Included:

• wrapping services with inetd or xinetd;
• chrooting services and users;
• application-level proxies.

We consider some specific examples:

• email (sendmail and exim);
• RPC, Portmap and NFS;
• the Apache webserver

and comment on FTP servers.

Firewalls etc. are covered in another section.