Hello,
I would like to restrict the Apache process's access to the file system by using a chroot. I need help creating my chroot.
Begin this process by creating a new folder with the path /chroot/httpd
PHP Code:
mkdir -p /chroot/httpd/dev
mkdir -p /chroot/httpd/etc
mkdir -p /chroot/httpd/var/run
mkdir -p /chroot/httpd/usr/lib
mkdir -p /chroot/httpd/usr/libexec
mkdir -p /chroot/httpd/usr/local/apache/bin
mkdir -p /chroot/httpd/usr/local/apache/logs
mkdir -p /chroot/httpd/usr/local/apache/conf
mkdir -p /chroot/httpd/www
The owner of all these directories must be root, and the access rights must be 0755. Create the special device file /dev/null:
PHP Code:
ls -al /dev/null
crw-rw-rw- 1 root wheel 2, 2 Mar 14 12:53 /dev/null
mknod /chroot/httpd/dev/null c 2 2
chown root:sys /chroot/httpd/dev/null
chmod 666 /chroot/httpd/dev/null
PHP Code:
Added to /etc/rc.conf:
I admit this is difficult for me to understand. Is it possible to have an explanation so that I can understand?
Examples of using the commands "ldd", "strings" and "truss" are below:
PHP Code:
localhost# ldd /usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd:
libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x280bd000)
libc.so.4 => /usr/lib/libc.so.4 (0x280d6000)
localhost# strings /usr/local/apache/bin/httpd | grep lib
/usr/libexec/ld-elf.so.1
libcrypt.so.2
libc.so.4
localhost# truss /usr/local/apache/bin/httpd | grep open
(...)
open("/var/run/ld-elf.so.hints",0,00) = 3 (0x3)
open("/usr/lib/libcrypt.so.2",0,027757775370) = 3 (0x3)
open("/usr/lib/libc.so.4",0,027757775370) = 3 (0x3)
open("/etc/spwd.db",0,00) = 3 (0x3)
open("/etc/group",0,0666) = 3 (0x3)
open("/usr/local/apache/conf/httpd.conf",0,0666) = 3 (0x3)
(...)
The above should be applied not only to the httpd program, but to all required libraries and binary files.
Some commands do not work:
PHP Code:
cp /usr/local/apache/bin/httpd /chroot/httpd/usr/local/apache/bin/
No such file or directory
PHP Code:
cp /var/run/ld-elf.so.hints /chroot/httpd/var/run/
command works
PHP Code:
cp /usr/lib/libcrypt.so.2 /chroot/httpd/usr/lib/
No such file or directory
PHP Code:
cp /usr/lib/libc.so.4 /chroot/httpd/usr/lib/
No such file or directory
PHP Code:
cp /usr/libexec/ld-elf.so.1 /chroot/httpd/usr/libexec/
command works
Using "truss" we can also discover that the following configuration files must be present in the chrooted environment:
command works
PHP Code:
cp /etc/hosts /chroot/httpd/etc/
cp /etc/host.conf /chroot/httpd/etc/
cp /etc/resolv.conf /chroot/httpd/etc/
cp /etc/group /chroot/httpd/etc/
cp /etc/master.passwd /chroot/httpd/etc/passwords
cp /usr/local/apache/conf/mime.types /chroot/httpd/usr/local/apache/conf/
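
Added example, not part of the original post: ldd reports the library paths of the host it is run on, so the copy list for the chroot can be derived from its output and each path checked before copying. The function names are hypothetical and the sample ldd text is constructed in the format shown in the post.

```shell
#!/bin/sh
# Added example: stage a binary's shared libraries into a chroot tree.
# Function names are hypothetical; the chroot layout follows the post.

# Constructed sample: ldd output in the format shown in the post.
SAMPLE_LDD='/usr/local/apache/bin/httpd:
	libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x280bd000)
	libc.so.4 => /usr/lib/libc.so.4 (0x280d6000)'

# Read ldd output on stdin and print one absolute library path per line.
# Handles "name => /path (addr)" lines and bare "/path (addr)" lines;
# the "binary:" header and "not found" entries are skipped.
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3 }
         $1 ~ /^\// && $2 ~ /^\(/ { print $1 }' | LC_ALL=C sort -u
}

# Copy SRC to the same path under ROOT, creating parent directories.
# Returns 1 and names the path if SRC does not exist on this host.
stage_file() {
    src=$1 root=$2
    if [ ! -e "$src" ]; then
        echo "missing on this host: $src" >&2
        return 1
    fi
    mkdir -p "$root$(dirname "$src")" && cp -p "$src" "$root$src"
}

# Stage every library named in the ldd output on stdin into ROOT.
# Prints the number of missing paths; exit status is 0 only if none were.
# Assumes library paths contain no whitespace.
stage_libs() {
    root=$1 missing=0
    for lib in $(ldd_paths); do
        stage_file "$lib" "$root" || missing=$((missing + 1))
    done
    echo "$missing"
    [ "$missing" -eq 0 ]
}

# Use on the real host (binary path as in the post):
#   ldd /usr/local/apache/bin/httpd | stage_libs /chroot/httpd
```

Any path reported as missing is one that ldd on another machine listed but this host does not have; rerun ldd locally and stage the paths it prints.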