[dns-operations] CVE 2015-8000 actively exploited yesterday
Anand Buddhdev
anandb at ripe.net
Thu Dec 17 08:05:49 UTC 2015
On 17/12/15 02:49, Robert Edmonds wrote:
> RHEL 7 is systemd-based (so it doesn't help the original poster, who's
> running RHEL 6, which is upstart-based), so this is basically a
Actually, upstart is also a supervisor, so it can keep BIND alive. On
our CentOS 6 servers, we have /etc/init/named.conf, containing:
start on stopped rc
stop on runlevel [016]
script
[ -f /etc/sysconfig/named ] && . /etc/sysconfig/named || :
exec /usr/sbin/named -f -u named $OPTIONS
end script
kill timeout 60
respawn
This allows upstart to start and watch the named process, and respawn it
in case it exits unexpectedly.
Regards,
Anand
More information about the dns-operations
mailing list