[Slackbuilds-users] HAR and ntpd, named and libcap-ng

Menno Duursma druiloor at zonnet.nl
Wed Aug 19 22:55:34 UTC 2009

Hello list readers,

About a talk at HAR2009, of which the outline can be found here:

(Sunny weather: didn't go too well, shit happens, yada yada yada).

Anyways, besides my own stuff I used ntpd and named as examples. Of which
the first can be linked against libcap, as described by slackamp here:

(Or last I tried, at least).

BIND named can be started with '-u <user>' as described in its rc file.
One thing not to overlook might be group access to /etc/rndc.key there.

Otherwise chroot them. Or maybe wrap 'em. PAM and redesign root's access
rights, whatever. Unless you trust those daemons to never have a 0-day.

One thing libcap-ng can be used for is to easily check for cap-bits set
on running processes (a build-script for that package is attached).

Looking up the filesystem bits may be a bit harder, cfengine/puppet/etc
should be able to support it (probably with external scripts currently).

Besides libcap-ng, some interesting stuff is available here:

(Note capable_probe.tar.bz2 needs kernel probes enabled).

Hope this helps, take care,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libcap-ng.tar.gz
Type: application/octet-stream
Size: 1842 bytes
URL: <http://lists.slackbuilds.org/pipermail/slackbuilds-users/attachments/20090820/546783d2/attachment.obj>
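
Added example, not part of the original post or of libcap-ng: the check for cap-bits on running processes that the message mentions, done by reading CapEff from /proc/<pid>/status directly. The two sample status texts (an ntpd that dropped root, a named still running as root, uid 123) are constructed for illustration.

```python
import os
import re

# Capability bit numbers from linux/capability.h (list index = bit position).
CAP_NAMES = """chown dac_override dac_read_search fowner fsetid kill setgid setuid
setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock
ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot
sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control
setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon
bpf checkpoint_restore""".split()

def decode_caps(hexmask):
    """Turn a CapEff/CapPrm hex string into a list of capability names."""
    mask = int(hexmask, 16)
    names = [n for bit, n in enumerate(CAP_NAMES) if mask >> bit & 1]
    unknown = mask >> len(CAP_NAMES)
    if unknown:  # bits newer than this table: report them instead of hiding them
        names.append("unknown:0x%x" % (unknown << len(CAP_NAMES)))
    return names

def parse_status(text):
    """Extract name, effective uid and effective capabilities from status text."""
    fields = dict(re.findall(r"^(\w+):[ \t]*(.*)$", text, re.M))
    return {"name": fields["Name"],
            "euid": int(fields["Uid"].split()[1]),  # real, effective, saved, fs
            "eff": decode_caps(fields["CapEff"])}

def audit(statuses):
    """Return (name, euid, caps) for every process holding effective capabilities."""
    procs = (parse_status(s) for s in statuses)
    return [(p["name"], p["euid"], p["eff"]) for p in procs if p["eff"]]

def live_statuses():
    """Yield the status text of each running process (Linux only)."""
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open("/proc/%s/status" % pid) as fh:
                yield fh.read()
        except OSError:  # process exited meanwhile, or access denied
            continue

# Constructed samples: ntpd after dropping root, named still running as root.
SAMPLE_NTPD = "Name:\tntpd\nUid:\t123\t123\t123\t123\nCapEff:\t0000000002000400\n"
SAMPLE_NAMED = "Name:\tnamed\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"

if __name__ == "__main__":
    source = live_statuses() if os.path.isdir("/proc/self") else [SAMPLE_NTPD, SAMPLE_NAMED]
    for name, euid, caps in audit(source):
        print("%-16s euid=%-6d %s" % (name, euid, ",".join(caps)))
```

A daemon that shows up with euid 0 and the full set is the case the message warns about; one with a non-root euid and only the bits it needs is what dropping privileges should look like.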
