PDA

View Full Version : Re: /var/lib/ntp/proc/kcore showing up as a real file



igor101
22-Nov-2011, 13:56
fpernet;1995175 Wrote:
> Trouble is that ntp is running in chroot by default.
> To get rid of the duplicate /var/lib/ntp/proc directory (in which you
> have copy of the regular /proc), do the following:
>
> stop ntp daemon
> edit /etc/sysconfig/ntp and set run in chroot to "no"
> edit the script /etc/init.d/ntp and set run in chroot to "no"
> umount /var/lib/ntp/proc
> start ntp daemon
>
> Then you should have an empty /var/lib/ntp/proc
>
> bye

Well, that wouldn't make it too secure then, wouldn't it?

Just had a similar case as the size of the kcore file was shown by du
-sh. When maths done properly it was obvious that can be ignored as the
sum was much larger than the size of the filesystem.


--
http://www.securelinx.com
------------------------------------------------------------------------
igor101's Profile: http://forums.novell.com/member.php?userid=53089
View this thread: http://forums.novell.com/showthread.php?t=403783

amo vzug
22-Nov-2011, 14:26
Perhaps this post helps too....:
'Why is there a second proc directory mount?'
(http://forums.novell.com/showthread.php?p=1901813#poststop)

Regards,
Tom


--
amo_vzug
------------------------------------------------------------------------
amo_vzug's Profile: http://forums.novell.com/member.php?userid=25342
View this thread: http://forums.novell.com/showthread.php?t=403783

fpernet
22-Nov-2011, 16:36
igor101;2155543 Wrote:
> Well, that wouldn't make it too secure then, would it?
>
> Just had a similar case as the size of the kcore file was shown by du
> -sh. When maths done properly it was obvious that can be ignored as the
> sum was much larger than the size of the filesystem.

For the maths, you are right, but when you've got some monitoring tools
running, you can have annoying false positive for disk usage.
Also correct for the security, but it wasn't the question, right ? ;-))
To improve security you can limit the interfaces on which ntp runs on,
and can also implement authentication 'How does NTP authentication
work?'
(http://blog.ine.com/2007/12/28/how-does-ntp-authentication-work/)


--
*-Francois-*:confused:
id integrated data sa - geneva
english/french
------------------------------------------------------------------------
fpernet's Profile: http://forums.novell.com/member.php?userid=14974
View this thread: http://forums.novell.com/showthread.php?t=403783