LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-12-2003, 07:46 AM   #1
MasterC
LQ Guru
 
Registered: Mar 2002
Location: Salt Lake City, UT - USA
Distribution: Gentoo ; LFS ; Kubuntu ; CentOS ; Raspbian
Posts: 12,613

Rep: Reputation: 69
chrooting or jailing inetd or inetd started daemons ?


I've spent the better part of several days reading about chrooting processes and security WRT Linux in general. I've found many interesting article and utilities, most of which are in the thread stickied at the top of this forum:
http://www.linuxquestions.org/questi...threadid=45261
One that really comes to mind over and over is:
http://www.gsyc.inf.uc3m.es/~assman/jail/index.html

Anyway...

Is it possible to chroot inetd (xinetd for those systems that use that instead) or it's daemons that it starts as they are called? The confusion is that the system will see the / directory at the chroot point, so inetd (xinetd) can not really be called since nothing truly exists below the chroot env right?

Thanks for any discussion on this!

Cool
 
Old 07-12-2003, 10:17 AM   #2
enigmasoldier
Member
 
Registered: Jul 2003
Location: Florence, Ky
Distribution: CentOS 3.3-4, OpenBSD 3.3, Fedora Core 4, Ubuntu, Novell Open Enterprise Server
Posts: 213

Rep: Reputation: 30
Well theoraticly...

You could chroot xinetd so /chroot/xinetd is seen as /

it could call up something like vsftpd which might be under something like /chroot/xinetd/vsftpd and then chroot vsftpd into it's own directory. I love chroot! I use it for olmost everything "/me = securityfreak" I have also recently been playing around with User Mode Linux.

http://user-mode-linux.sourceforge.net/

Imagine running a chroot jail for a server inside UML ... Now thats what I call secure!

Check out Kaladix http://www.kaladix.org/docs/information.shtml

This distro is secure to the point that I would call it excessive (olmost!) Kaladis is a nice guy and will help you if he has to time to email you.

Last edited by enigmasoldier; 07-12-2003 at 10:20 AM.
 
Old 07-15-2003, 05:28 PM   #3
dai
Member
 
Registered: May 2002
Location: Wales
Distribution: Slack 8.1, Gentoo 1.3a, Red Hat 7.3, Red Hat 7.2, Manrake 8.2
Posts: 328

Rep: Reputation: 30
Not sure but if you copy the all required files for inetd to run and also all daemons and whatever they need into chroot then ammend the start up script in the real filesystem to read something like

chroot /jailedenv /wherever/inetd start (or however u start inetd)

then that should work, this is how i did it with Apache anyway so Id assume its the same sort of principal as by changing the script that starts inetd on boot to point to the chroot env which contains all daemons etc. you want to run your starting it in a chroot env.

hope this is clear and doesent sound like complete rubbish
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
inetd lafuma Slackware 1 04-21-2003 04:15 PM
chrooting daemons markus1982 Linux - Security 2 11-21-2002 11:04 AM
Inetd...What should with it X11 Slackware 3 07-16-2002 02:56 AM
inetd -- where can i get it? jasonhbishop Linux - Software 3 06-06-2002 07:35 AM
inetd tstuhr Linux - Software 3 10-18-2001 08:26 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:18 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration