Firebird News

Monday, April 11, 2011

Securing Firebird 2.5 SuperClassic in Debian / Ubuntu

apt-get install firebird2.5-superclassic
dpkg-reconfigure firebird2.5-superclassic
Choose a good password
vi /etc/firebird/2.5/firebird.conf

add only the localhost to the Remote Bind Address (we listen only on it and nothing else)

RemoteBindAddress = 127.0.0.1
DatabaseAccess = Restrict /var/lib/firebird/2.5/data/

restart super classic
sudo service firebird2.5-superclassic restart

check if it listens on localhost ip only
netstat -tap | grep gds
tcp        0      0 localhost:gds_db        *:*                     LISTEN      2129/fb_smp_server

There are more ideas : running apache + php in a chroot , adding apparmor rules
maybe we need a chroot feature in firebird in the future

No comments: