LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   chrooting or jailing inetd or inetd started daemons ? (https://www.linuxquestions.org/questions/linux-security-4/chrooting-or-jailing-inetd-or-inetd-started-daemons-72111/)

MasterC 07-12-2003 07:46 AM
chrooting or jailing inetd or inetd started daemons ?
 
I've spent the better part of several days reading about chrooting processes and security WRT Linux in general. I've found many interesting article and utilities, most of which are in the thread stickied at the top of this forum:
http://www.linuxquestions.org/questi...threadid=45261
One that really comes to mind over and over is:
http://www.gsyc.inf.uc3m.es/~assman/jail/index.html

Anyway...

Is it possible to chroot inetd (xinetd for those systems that use that instead) or it's daemons that it starts as they are called? The confusion is that the system will see the / directory at the chroot point, so inetd (xinetd) can not really be called since nothing truly exists below the chroot env right?

Thanks for any discussion on this! :)

Cool

enigmasoldier 07-12-2003 10:17 AM
Well theoraticly...

You could chroot xinetd so /chroot/xinetd is seen as /

it could call up something like vsftpd which might be under something like /chroot/xinetd/vsftpd and then chroot vsftpd into it's own directory. I love chroot! I use it for olmost everything "/me = securityfreak" I have also recently been playing around with User Mode Linux.

http://user-mode-linux.sourceforge.net/

Imagine running a chroot jail for a server inside UML ... Now thats what I call secure!

Check out Kaladix http://www.kaladix.org/docs/information.shtml

This distro is secure to the point that I would call it excessive (olmost!) Kaladis is a nice guy and will help you if he has to time to email you.

dai 07-15-2003 05:28 PM
Not sure but if you copy the all required files for inetd to run and also all daemons and whatever they need into chroot then ammend the start up script in the real filesystem to read something like

chroot /jailedenv /wherever/inetd start (or however u start inetd)

then that should work, this is how i did it with Apache anyway so Id assume its the same sort of principal as by changing the script that starts inetd on boot to point to the chroot env which contains all daemons etc. you want to run your starting it in a chroot env.

hope this is clear and doesent sound like complete rubbish :)


All times are GMT -5. The time now is 05:14 PM.