Does it make sense to set up a chroot jail for a apache server which is the only service on the server? Or it is pointless, because the server is in either way lost if it get hacked?
Asked
Active
Viewed 81 times
2 Answers
0
which is the only service on the server
Really? How do you change the content on the server? Even if that is the case, it does improve security - even if there are no other avenues for attack, it would limit the targets of attacks.
C.
symcbean
- 21,009
- 1
- 31
- 52
0
Under those condition a chroot might potentially do more damage than good.
Depending on the amount of dynamic content being generated, you might have to copy a rather large chunk of libraries and binaries into the chroot. Unless you also have a easy and convenient way to keep the chroot updated you will most likely sooner or later end up with a rather vulnerable web site.
andol
- 6,938
- 29
- 43