# yum list installed |more
(press enter to see more and more packages, or if you found what you were searching for and want to leave the list press the "q" key)
or to check only for bind type:
# yum list bind
or you can use this command to list the bind rpm packages:
# rpm -qa bind*
if bind is listed under "Installed Packages" there is no need to install it
install bind
if bind is not already installed type:
# yum install bind bind-chroot bind-libs bind-utils caching-nameserver
this will install the chrooted version of bind (and all required dependencies)
### if possible you should use bind-chroot and selinux policies to secure bind and make it harder for hackers to exploit a vulnerability in your bind installation * selinux (Security-Enhanced Linux) is security tool for Linux operating systems, it adds a mandatory access controls (MAC) security mechanism to your system * chroot a tool that is chrooted can not access files that are outside of directory this article explains why to use bind-chroot and selinux in combination ###
to check if selinux is enabled type:
# sestatus
the command will return one of the following values:
Enforcing, Permissive, or Disabled
If the selinux mode is disabled you should enable it
enable selinux
you need to find the selinux configuration file, mine is located at:
/etc/selinux/config
to avoid loosing our original file, we do a copy of it before editing it, using the "cp" (= copy) command:
# cp /etc/selinux/config /etc/selinux/config.original
now we use the "vi" tool, which is a file editor, to edit the selinux configuration file to change the mode from disabled to permissive:
# vi /etc/selinux/config
move your cursor down to this line, then press the "i" key to edit it:
SELINUX=disabled
to:
SELINUX=permissive
now press the "ESC" escape key to leave the insert mode
to save your file type:
:x!
we set the mode to permissive and not enabled first, because we don't want to prevent our system from rebooting correctly we have to reboot our system so that selinux can relabel our files, labels are how security contexts are associated with files
now that you are back to the command prompt, must tell selinux to relabel your files and also reboot your system, the files will get relabeld on reboot:
# touch /.autorelabel; reboot
your putty session will be closed, wait a little bit, then restart putty and reconnect to your machine
now check if selinux did deny any actions during reboot, type the following command:
# grep "SELinux is preventing" /var/log/messages
if no results are show everything should be ok
more about selinux can be found in the centos documentation