Secure BIND Template Version 2.0

chroot Jail for BIND on Solaris 7 Version 1.1

By Rob Thomas, robt@cymru.com, 20 DEC 2000


To start, create a new directory or file system to house the jails.  It will contain several subdirectories, which hold the BIND binaries and configuration files.  In our example, we assume a new file system named /jail has been created, with two subdirectories below it: /jail/internal-bind and /jail/external-bind.  Each subdirectory will have the file system structure shown below.  This example is taken from a system running Solaris 7.

Note:  You do not need usr/lib/libpthread.so.1 and usr/lib/libthread.so.1 unless you are running BIND 9.1.0 or greater.

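Copy the appropriate timezone files to your chroot jail. I am in the US Central timezone, so I use the following command (the jail root in it is /usr/local/bind-jail; substitute the path of your own jail):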

	cp -p /usr/share/lib/zoneinfo/US/Central /usr/local/bind-jail/usr/share/lib/zoneinfo/US/

Our top level directory:
drwxr-xr-x   2 root     other        512 Dec  8 22:26 dev/
drwxr-xr-x   2 root     other        512 Nov 23 22:36 etc/
drwxrwxrwt   2 root     other        512 Nov 23 22:24 tmp/
drwxr-xr-x   4 root     other        512 Nov 23 22:27 usr/
drwxr-xr-x   5 root     other        512 Nov 23 23:09 var/

Our subdirectories:
./dev:
crw-rw-rw-   1 root     sys       21,  0 Dec  8 22:26 conslog
crw-r-----   1 root     other     21,  5 Dec  8 22:25 log
crw-rw-rw-   1 root     other     13,  2 Nov 23 22:25 null
crw--w----   1 root     tty        0,  0 Dec  8 22:25 syscon
crw-rw-rw-   1 root     other     13, 12 Nov 23 22:25 zero

./etc:
-r-xr-xr-x   1 root     other        624 Nov 23 22:26 TIMEZONE
-r--r--r--   1 root     other         23 Nov 23 22:35 group
-r--r--r--   1 root     other         77 Nov 23 22:39 hosts
-r--r--r--   1 root     other        690 Nov 23 22:30 nsswitch.conf
-r--r--r--   1 root     other         83 Nov 23 22:30 passwd
-r--r--r--   1 root     other         70 Nov 23 22:40 resolv.conf
-r--------   1 root     other         43 Nov 23 22:31 shadow

./tmp:

./usr:
drwxr-xr-x   2 root     other        512 Nov 23 22:38 lib/
drwxr-xr-x   4 root     other        512 Nov 23 22:40 local/
drwxr-xr-x   4 root     other        512 Nov 23 22:40 share/

./usr/lib:
-rwxr-xr-x   1 root     other     182804 Nov 23 22:34 ld.so.1
-rwxr-xr-x   1 root     other    1115940 Nov 23 22:26 libc.so.1
-rwxr-xr-x   1 root     other       4600 Nov 23 22:26 libdl.so.1
-rwxr-xr-x   1 root     other      15336 Nov 23 22:26 libl.so.1
-rwxr-xr-x   1 root     other       7104 Nov 23 22:27 libmp.so.1
-rwxr-xr-x   1 root     other      19876 Nov 23 22:35 libmp.so.2
-rwxr-xr-x   1 root     other     817084 Nov 23 22:26 libnsl.so.1
-rwxr-xr-x   1 root     other      56988 Nov 23 22:26 libsocket.so.1
-rwxr-xr-x   1 root     other      27884 Nov 23 22:38 nss_files.so.1
-rwxr-xr-x   1 root     other      36316 Jan 29 19:45 libpthread.so.1
-rwxr-xr-x   1 root     other     183816 Jan 29 19:45 libthread.so.1

./usr/local:
drwxr-xr-x   2 root     other        512 Dec  8 22:29 etc/
drwxr-xr-x   2 root     other        512 Nov 23 22:28 sbin/

./usr/local/etc:
lrwxrwxrwx   1 root     other         29 Nov 23 22:50 named.conf -> ../../../var/named/named.conf
-rw-r--r--   1 root     other          6 Dec  8 22:29 named.pid

./usr/local/sbin:
-rwxr-xr-x   1 root     other    7153392 Nov 23 22:27 named
-rwxr-xr-x   1 root     other       7166 Nov 23 22:28 named-bootconf
-rwxr-xr-x   1 root     other    5194912 Nov 23 22:27 named-xfer

./usr/share:

./usr/share/lib:
drwxr-xr-x   3 root     other        512 Apr  9 13:13 zoneinfo/

./usr/share/lib/zoneinfo:
drwxr-xr-x   2 root     other        512 Apr  9 13:13 US/

./usr/share/lib/zoneinfo/US:
-rw-r--r--   1 root     bin         1262 Jan  8  2000 Central

./var:
drwxrwx---   2 bind     bind         512 Nov 23 22:53 adm/
drwxr-xr-x   4 root     root         512 Dec  3 15:42 named/
drwxrwxrwt   2 root     other        512 Nov 23 23:09 tmp/

./var/adm:

./var/named:
-rw-r--r--   1 root     root        1015 Aug 18 20:38 db.cache
drwxr-xr-x   2 root     root         512 Oct  5 22:57 master/
-rw-r--r--   1 root     root        1574 Dec  8 22:28 named.conf
drwxr-xr-x   2 root     root         512 Aug 18 21:42 slave/

./var/named/master:

./var/named/slave:

./var/tmp:
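
In the listing above, the only directories writable by anyone other than root are var/adm (owned by bind) and the sticky tmp directories; binaries, libraries, named.conf and the zone directories are root-owned and read-only to the BIND user. The shell function below is an added example, not part of the original template, that checks a built jail against that model. The name audit_jail, its arguments and the MISSING/WRITABLE/OWNER labels are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of the original template. Directory names and modes
# are taken from the listing; audit_jail and its arguments are assumptions.

# audit_jail JAIL_ROOT [EXPECTED_OWNER]
# Prints one line per deviation; returns 0 if clean, 1 if not, 2 if no jail.
audit_jail() {
    jail=$1
    owner=${2:-root}
    [ -d "$jail" ] || { echo "MISSING $jail"; return 2; }

    findings=$(
        cd "$jail" || { echo "UNREADABLE $jail"; exit 2; }

        # Directories shown in the listing at the top level and below var.
        for d in dev etc tmp usr var var/adm var/named var/tmp; do
            [ -d "$d" ] || echo "MISSING $d"
        done

        # Group- or world-writable files and directories. The sticky tmp
        # directories are allowed, and var/adm is pruned because the listing
        # makes it the one place the bind user writes to. Device nodes are
        # skipped: dev/null and dev/zero are crw-rw-rw- by design.
        find . -path ./var/adm -prune -o \( -type f -o -type d \) \
            \( -perm -020 -o -perm -002 \) ! -perm -1000 -print |
            sed 's/^/WRITABLE /'

        # var/adm itself is drwxrwx--- in the listing, never world-writable.
        find ./var/adm -prune -perm -002 -print 2>/dev/null |
            sed 's/^/WRITABLE /'

        # Anything outside var/adm that the expected owner does not own.
        # named must not be able to rewrite its binaries, config or zones.
        find . -path ./var/adm -prune -o ! -user "$owner" -print |
            sed 's/^/OWNER /'
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run it as root against each jail, for example audit_jail /jail/internal-bind, after building the jail and again after any BIND upgrade.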


Rob Thomas, robt@cymru.com, http://www.cymru.com