A chroot environment is simply a directory inside which you can find a file system hierarchy exactly like that of your original operating system.
Once a service is confined to this directory, an attacker or other PHP / Perl / Python scripts cannot access or name files outside that directory. This is called a "chroot jail" for Apache or other services like mail. You should never ever run a web server, mail server, DNS server, etc. without a jail. There should be privilege separation between the web server and the rest of the system.
The following shell script sets up a chroot environment on CentOS 6.x:
#!/bin/bash
# Run as root on the host.
echo "Installing banner"
yum install -y banner
banner chroot setup
echo "Creating directory under / for chroot environment"
mkdir -p /chroot/httpd
echo "Initialize the rpm database"
mkdir -p /chroot/httpd/var/lib/rpm
echo "Download CentOS release packages"
wget http://vault.centos.org/6.3/os/x86_64/Packages/centos-release-6-3.el6.centos.9.x86_64.rpm
rpm -i --root=/chroot/httpd --nodeps centos-release-6-3.el6.centos.9.x86_64.rpm
echo "YUM to install the rest of the CentOS distribution into your little virtual jail."
yum --installroot=/chroot/httpd install -y rpm-build yum
banner chroot installed
Now execute the following commands in a terminal:
[root@netwrkspider ~]# mount --bind /proc /chroot/httpd/proc
[root@netwrkspider ~]# mount --bind /dev /chroot/httpd/dev
[root@netwrkspider ~]# chroot /chroot/httpd/
bash-4.1#
The jail has now been created. You can install Apache, a mail server, DNS, etc. in the chroot environment.
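To review the finished jail, the following added example (not the page's Chroot.sh script) lists setuid/setgid files, world-writable directories without the sticky bit, and host /proc or /dev mounts under a jail path. The function names are hypothetical, and the choice of checks is an assumption about what to review before installing a service into /chroot/httpd.

```shell
#!/bin/sh
# Added example (not the page's Chroot.sh): audit a jail tree such as /chroot/httpd.
# Function names are hypothetical; the checks are an assumed review list.

# setuid/setgid regular files: each one is escalation surface inside the jail.
jail_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# World-writable directories without the sticky bit.
jail_open_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null
}

# Host /proc and /dev mounted under the jail, read from a mounts table
# ($2, default /proc/mounts) so a saved copy can be checked as well.
jail_mounts() {
    awk -v j="${1%/}" '$2 == (j "/proc") || $2 == (j "/dev") { print $2 }' \
        "${2:-/proc/mounts}"
}

# Print all findings; return 1 if any check produced output, 0 for a clean jail.
audit_jail() {
    aj_rc=0
    for aj_check in jail_setid_files jail_open_dirs jail_mounts; do
        aj_out=$("$aj_check" "$1" "${2:-/proc/mounts}")
        if [ -n "$aj_out" ]; then
            printf '[%s]\n%s\n' "$aj_check" "$aj_out"
            aj_rc=1
        fi
    done
    return "$aj_rc"
}

# Usage: sh audit_jail.sh /chroot/httpd
if [ "$#" -gt 0 ]; then
    audit_jail "$@"
fi
```

Run it as root on the host, outside the jail. A full distribution installed with yum --installroot normally includes setuid binaries, which a service confined to the jail rarely needs.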
Enjoy :
Download the shell script for chroot setup on CentOS/Red Hat: Chroot.sh