welcome to netwrkspider

Saturday, July 6, 2013

How to: set up a chroot environment on CentOS 6.x / Red Hat 6.x

A chroot environment is simply a directory that contains a file system hierarchy laid out exactly like that of your original operating system.
Once a service is confined to it, an attacker or any PHP / Perl / Python script running under that service cannot access or name files outside that directory. This is called a "chroot jail" for Apache or other services such as mail. You should never run a web server, mail server, DNS server, etc. without a jail. There should be privilege separation between the web server and the rest of the system.

The shell script code below sets up a chroot environment on CentOS 6.x:

echo "Installing banner "
yum install banner

[root@netwrkspider ~]# banner chroot setup

echo "Creating directory under / for chroot environment "
[root@netwrkspider ~]# mkdir -p /chroot/httpd

echo "Creating the rpm database directory inside the chroot"
[root@netwrkspider ~]# mkdir -p /chroot/httpd/var/lib/rpm

echo "Download centos release packages"
[root@netwrkspider ~]# wget http://vault.centos.org/6.3/os/x86_64/Packages/centos-release-6-3.el6.centos.9.x86_64.rpm

[root@netwrkspider ~]# rpm -i --root=/chroot/httpd --nodeps centos-release-6-3.el6.centos.9.x86_64.rpm

echo "YUM to install the rest of the CentOS distribution into your little virtual jail."
[root@netwrkspider ~]# yum --installroot=/chroot/httpd install -y rpm-build yum

banner chroot installed

Now execute the following commands in a terminal:

[root@netwrkspider ~]# mount --bind /proc /chroot/httpd/proc

[root@netwrkspider ~]# mount --bind /dev /chroot/httpd/dev

[root@netwrkspider ~]# chroot /chroot/httpd/

The jail has now been created. You can now install Apache, a mail server, DNS, etc. in the chroot environment.
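A check to run against the finished jail, added here as an example and not part of the original Chroot.sh: it lists setuid/setgid files, world-writable directories without the sticky bit, and file systems mounted below the jail root (such as the /proc and /dev bind mounts above), each of which gives a jailed process more reach than the bare directory tree. The function names are hypothetical; pass the jail path, here /chroot/httpd, as the argument.

```shell
#!/bin/sh
# Added example (not from Chroot.sh): audit a chroot tree for items that
# weaken the jail. Function names are hypothetical.

# Setuid/setgid files: a jailed process that can run one may gain privileges.
jail_setid_files() {
    ( cd "${1%/}" && find . -xdev -type f \( -perm -4000 -o -perm -2000 \) -print ) |
        sed 's|^\./*|/|' | sort
}

# Directories anyone can write to that lack the sticky bit.
jail_loose_dirs() {
    ( cd "${1%/}" && find . -xdev -type d -perm -0002 ! -perm -1000 -print ) |
        sed 's|^\./*|/|' | sort
}

# File systems mounted below the jail root, e.g. the /proc and /dev bind
# mounts. $2 is a mounts table to read (default: the live one).
jail_mounts() {
    awk -v j="${1%/}" 'index($2, j "/") == 1 { print $2, $3 }' \
        "${2:-/proc/self/mounts}"
}

# Print every finding with a tag; return 1 if there was at least one.
jail_audit() {
    report=$(
        jail_setid_files "$1" | sed 's/^/SETID /'
        jail_loose_dirs "$1" | sed 's/^/WRITABLE /'
        jail_mounts "$1" "$2" | sed 's/^/MOUNT /'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Usage: sh jail_audit.sh /chroot/httpd
if [ $# -gt 0 ]; then jail_audit "$@"; fi
```

A MOUNT line for the whole of /dev or /proc means the jailed service sees the host's devices and process table; review whether it needs them.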

Enjoy : 

Download the shell script for Chroot Setup on Centos/Redhat : Chroot.sh
