Angelo Fo. Blog [My OpenSource Project News, previews & announcements of my free posts on http://digitalpatch.blogspot.com]
In this blog I'll talk about my GNU/Linux projects and solutions regarding security, software development and my own FOSS projects.
I will also publish "previews & announcements" of my free posts on DigitalPatch (Security Blog).
Note: Digital Patch Posts by Angelo Fonzeca are licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Unported License and are based on a work at http://digitalpatch.blogspot.com
NOTE: If you are interested in IT Security, join us at the "GNU/Linux Security & Hardening" group on LinkedIn.
OpenSSH daemon hardening (Part 3) - Set up a chroot environment on CentOS with JailKit [ANNOUNCEMENT]
[Note: This is a draft version of the post; it'll be revised as soon as possible]
Introduction - What is a chroot?
"A chroot on Unix operating systems is an operation that changes the apparent disk root directory for the current running process and its children. A program that is re-rooted to another directory cannot access or name files outside that directory, and the directory is called a "chroot jail" or (less commonly) a "chroot prison". The term "chroot" may refer to the chroot(2) system call or the chroot(8) wrapper program."
(Definition from Wikipedia, the free encyclopedia)
A system administrator can use "chrooted" environments to strengthen a Unix system by restricting logged-in users to a small environment with only a few basic functions.
Chroot can also be used to run Unix daemons inside a jail, so that services are confined and can "see" only a limited part of the filesystem.
In this post we will create a chroot environment that gives users access over the sftp/ssh protocols and/or basic shell access.
Note: Chroot environments do not guarantee "security", but in combination with other hardening techniques (see my other posts) they can strengthen the system and put more obstacles in the attackers' way.
Indeed, a chroot jail can be broken; for an example, visit the chroot break page.
Let's start installing!
Post continues on DigitalPatch blog