LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Blogs > Angelo Fo. personal blog
User Name
Password

Notices

Angelo Fo. Blog [My OpenSource Project News, previews & announcements of my free posts on http://digitalpatch.blogspot.com]

In this blog I'll talk you about my projects about GNU/Linux and solutions regarding security, software development and my own FOSS projects.

I will also publish "previews & announcements" of my free posts on DigitalPatch (Security Blog)

Note: Digital Patch Posts by Angelo Fonzeca are licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Unported License and are based on a work at http://digitalpatch.blogspot.com


NOTE: If you are interested in IT Security, join us at "GNU/Linux Security & Hardening" group on Linkedin
Rate this Entry

OpenSSH daemon hardening ( Part 3 ) - Setup a chroot enviroment on CentOS with JailKit[ANNOUNCEMENT]

Posted 12-10-2010 at 08:16 AM by angelo.fonzeca
Updated 12-13-2010 at 06:31 AM by angelo.fonzeca


[Note: This is a draft version of the post; it'll be revised as soon as possible]


Introduction - What is a chroot?


"A chroot on Unix operating systems is an operation that changes the apparent disk root directory
for the current running process and its children. A program that is
re-rooted to another directory cannot access or name files outside that
directory, and the directory is called a "chroot jail" or (less commonly) a "chroot prison". The term "chroot" may refer to the chroot(2) system call or the chroot(8) wrapper program."

(Definition from Wikipedia, the free encyclopedia)


A system administrator can use "chrooted" environments for improving the strength of a Unix system, by limiting logged users to use a small environment with few/basic functionalities.
Chroot can also be used for "running inside" Unix daemons, so services are "entrapped" into the jail and they can "see" only a limited part of the filesystem.
In this post we will create a chroot environment for giving access to users with sftp/ssh protocol and/or basic shell access.

Note: The chroot environments don't assure "security", but in combination with others hardening tricks (see my other posts) may improve the strength of the system and put "on the way" more obstacles to the attackers.

Indeed a chroot-jail can be break... for example visit chroot break page


Let's start installing!


Post continues on DigitalPatch blog
Posted in Linux Security
Views 1499 Comments 0
« Prev     Main     Next »
Total Comments 0

Comments

 

  



All times are GMT -5. The time now is 02:03 PM.

Main Menu
Advertisement

My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration