Other

Depending on application requirements, other packaging technologies for consideration include:

  1. Choosing a restricted shell for login of a captive user, such as rbash, instead of /bin/sh (for example, see http://en.wikipedia.org/wiki/Restricted_shell).

  2. Setting up a chroot environment for an application used by captive users (for example, see http://en.wikipedia.org/wiki/Chroot).

  3. Using TCP wrappers to filter incoming requests (for example, see http://www.360is.com/03-tcpwrappers.htm).

  4. Configuring mandatory access controls, such as SELinux (for example, http://opensource.com/business/13/11/selinux-policy-guide).