A chroot environment is simply a directory inside which you can find a file system hierarchy exactly like that of your original operating system.
Once a service is confined to that directory, an attacker or other PHP / Perl / Python scripts cannot access or name files outside it. This is called a "chroot jail" for Apache or other services such as mail. You should never run a web server, mail server, DNS server, etc. without a jail. There should be privilege separation between the web server and the rest of the system.
The following shell script sets up a chroot environment on CentOS 6.x:
#!/bin/bash
# Run as root on the CentOS 6.x host.
echo "Installing banner"
yum install -y banner
banner chroot setup
echo "Creating directory under / for chroot environment"
mkdir -p /chroot/httpd
echo "Initialize the rpm database"
mkdir -p /chroot/httpd/var/lib/rpm
echo "Download centos release packages"
# This download is plain HTTP; check the package signature with "rpm -K" before installing it.
wget http://vault.centos.org/6.3/os/x86_64/Packages/centos-release-6-3.el6.centos.9.x86_64.rpm
rpm -i --root=/chroot/httpd --nodeps centos-release-6-3.el6.centos.9.x86_64.rpm
echo "YUM to install the rest of the CentOS distribution into your little virtual jail."
yum --installroot=/chroot/httpd install -y rpm-build yum
banner chroot installed
Now execute the following commands in a terminal:
[root@netwrkspider ~]# mount --bind /proc /chroot/httpd/proc
[root@netwrkspider ~]# mount --bind /dev /chroot/httpd/dev
[root@netwrkspider ~]# chroot /chroot/httpd/
bash-4.1#
The jail has now been created. You can now install Apache, a mail server, DNS, etc. in the chroot environment.
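As an added check that is not part of the original post or its Chroot.sh, the following script audits the finished jail: it confirms that the /proc and /dev bind mounts are in place and lists setuid/setgid files and world-writable directories under the jail. The function names and the optional mounts-file argument are assumptions made for this example.

```bash
#!/bin/sh
# Added example: audit a jail tree built with the steps above.
# Function names and the optional MOUNTS_FILE argument are assumptions
# made for this illustration; they do not come from Chroot.sh.

# jail_is_mounted JAIL SUBDIR [MOUNTS_FILE]
# Succeeds when JAIL/SUBDIR is a mount point (field 2 of /proc/mounts).
jail_is_mounted() (
    mp="${1%/}/$2"
    awk -v mp="$mp" '$2 == mp { found = 1 } END { exit !found }' "${3:-/proc/mounts}"
)

# jail_setuid_files JAIL
# Lists setuid/setgid files. A setuid-root binary gives a jailed process a
# path to root, and a root process is not contained by chroot.
jail_setuid_files() (
    find "${1%/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
)

# jail_loose_dirs JAIL
# Lists world-writable directories that lack the sticky bit.
jail_loose_dirs() (
    find "${1%/}" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
)

# audit_jail JAIL [MOUNTS_FILE]
# Prints one finding per line; exit status is 0 only when nothing is reported.
audit_jail() (
    jail="${1%/}"; rc=0
    for sub in proc dev; do
        jail_is_mounted "$jail" "$sub" "${2:-/proc/mounts}" ||
            { echo "NOT-MOUNTED $jail/$sub"; rc=1; }
    done
    out=$(jail_setuid_files "$jail" | sed 's/^/SETUID /')
    if [ -n "$out" ]; then echo "$out"; rc=1; fi
    out=$(jail_loose_dirs "$jail" | sed 's/^/WORLD-WRITABLE /')
    if [ -n "$out" ]; then echo "$out"; rc=1; fi
    exit "$rc"
)

# Run the audit only when a jail path is given, e.g.: sh audit.sh /chroot/httpd
if [ -n "${1:-}" ]; then audit_jail "$@"; fi
```

Each SETUID line is a file to review rather than an automatic error; the listing shows which privileged binaries the yum install placed inside the jail.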
Enjoy :
Download the shell script for Chroot Setup on Centos/Redhat : Chroot.sh