Apache server in a jail environment
Hi, I have to set up an Apache web server in its own "jail" environment. I know how to set up an Apache server and it runs without problems, but what exactly does "jail" mean?
If someone could explain this to me I would be very grateful, and maybe also how to do it?
Jail means a closed working environment for a service. This is handled very well in FreeBSD, where confining a service in a jail comes down to a few commands. In general it works like this: you create copies of the system directories in a subdirectory set aside for the service, but of course only the ones it needs.
The directory structure looks more or less like this:
/home/jail/apache (the jail's root directory (/ for Apache))
Code:
/home/jail/apache/etc/apache2/
/home/jail/apache/etc/init.d
/home/jail/apache/var/lock
/home/jail/apache/var/log
You probably understand what I mean, but for detailed information I refer you to the manuals.
As far as I know, Debian has no built-in support for jails.

So I started doing it:
Code:
Log in as root and create a new jail directory:
$ mkdir -p /var/chroot/apache
Create a new user and a new group. The chrooted Apache server will run as this user/group, which isn't used for anything else on the system. In this example, both user and group are called chrapach.
$ adduser --home /var/chroot/apache --shell /bin/false \
--no-create-home --system --group chrapach
FIXME: is a new user needed? (Apache already runs as the apache user)
Naturally, that works too.
Code:
Set up Apache (e.g. define your subdomains, etc.). In the /etc/apache/httpd.conf configuration file, set the Group and User options to chrapach. Restart Apache and make sure the server is working correctly. Now, stop the Apache daemon.
Code:
Copy the sample configuration file for Apache to the /etc/makejail directory:
# cp /usr/share/doc/makejail/examples/apache.py /etc/makejail/
And this is where the trouble starts.
Code:
Edit /etc/makejail/apache.py. You need to change the chroot, users and groups options. To run this version of makejail, you can also add a packages option. See the makejail documentation. A sample is shown here:
chroot="/var/chroot/apache"
testCommandsInsideJail=["/usr/sbin/apachectl start"]
processNames=["apache"]
testCommandsOutsideJail=["wget -r --spider http://localhost/",
                         "lynx --source https://localhost/"]
preserve=["/var/www",
          "/var/log/apache",
          "/dev/log"]
users=["chrapach"]
groups=["chrapach"]
packages=["apache", "apache-common"]
userFiles=["/etc/password",
           "/etc/shadow"]
groupFiles=["/etc/group",
            "/etc/gshadow"]
forceCopy=["/etc/hosts",
           "/etc/mime.types"]
FIXME: some options do not seem to work properly. For instance, /etc/shadow and /etc/gshadow are not copied, whereas /etc/password and /etc/group are fully copied instead of being filtered.
Create the chroot tree: makejail /etc/makejail/apache.py
And when I comment it out, it shows something like this:
Code:
Loading configuration file /etc/makejail/apache.py
Defining testCommandsInsideJail = ['/usr/sbin/apachectl start']
Defining preserve = ['/var/www', '/var/log/apache2', '/dev/log']
Defining chroot = '/var/chroot/apache'
Defining testCommandsOutsideJail = ['wget -r --spider http://localhost/', 'lynx --source https://localhost/']
Defining users = ['chrapach']
Defining forceCopy = ['/etc/hosts', '/etc/mime.types']
Defining groupFiles = ['/etc/group', '/etc/gshadow']
Defining processNames = ['apache2']
Defining groups = ['chrapach']
Defining userFiles = ['/etc/password', '/etc/shadow']
Chroot directory is /var/chroot/apache
Initializing list of running processes
Executing : ps -e
Killing processes named 'apache2' ... : Executing : ps -e
no process found
Adding files matching '/etc/hosts'
Checking path '/etc/hosts'
File /var/chroot/apache/etc/hosts already exists
Adding files matching '/etc/mime.types'
Checking path '/etc/mime.types'
File /var/chroot/apache/etc/mime.types already exists
Running strace on commands from inside jail
Killing processes named 'apache2' ... : Executing : ps -e
no process found
Execution #1
Tracing command chroot /var/chroot/apache /usr/sbin/apachectl start
Sleeping for 2.00 seconds
Stopping tracing ... Executing : killall -9 strace
WARNING: exit code 256
Looking for missing files in the trace file
No missing file found
Killing processes named 'apache2' ... : Executing : ps -e
no process found
Executing command 'chroot /var/chroot/apache /usr/sbin/apachectl start' (pwd=/tmp/makejail_logs) return code is 0
Running tests from outside the jail
Execution #1
Sleeping for 2.00 seconds
Executing : ps -e
No running process found, cannot run tests
Executing command 'chroot /var/chroot/apache /usr/sbin/apachectl start' (pwd=/tmp/makejail_logs) return code is 0
Sleeping for 2.00 seconds
Killing processes named 'apache2' ... : Executing : ps -e
no process found
Please help, because I am not, so to speak, an advanced Linux user; to put it another way, I am a beginner and I simply have to do something like this for class.
Regards
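The makejail output posted above can be checked mechanically. The following Python sketch is an added example (not part of the thread and not makejail's own code): it reads the `Defining ...` lines and status messages from an excerpt of that log and flags configured host paths that do not exist (such as `/etc/password`, where the standard account file is `/etc/passwd`), non-zero exit codes, and a daemon that was not running after the start command. The function names and finding labels are assumptions made for this example.

```python
import ast
import os
import re

# Excerpt of the makejail output posted above (lines copied from the thread).
SAMPLE_LOG = """\
Defining forceCopy = ['/etc/hosts', '/etc/mime.types']
Defining groupFiles = ['/etc/group', '/etc/gshadow']
Defining processNames = ['apache2']
Defining userFiles = ['/etc/password', '/etc/shadow']
WARNING: exit code 256
No missing file found
No running process found, cannot run tests
"""

DEFINE = re.compile(r"^Defining (\w+) = (.+)$")
EXIT = re.compile(r"^WARNING: exit code (\d+)$")
HOST_FILE_OPTIONS = ("userFiles", "groupFiles", "forceCopy")

def parse_settings(log):
    """Return the options makejail echoed as 'Defining name = value'."""
    settings = {}
    for line in log.splitlines():
        m = DEFINE.match(line.strip())
        if m:
            # literal_eval only accepts literals, so nothing in the log is executed
            settings[m.group(1)] = ast.literal_eval(m.group(2))
    return settings

def review(log, exists=os.path.exists):
    """Return (kind, detail) findings; `exists` is injectable for testing."""
    settings = parse_settings(log)
    findings = []
    for option in HOST_FILE_OPTIONS:
        for path in settings.get(option, []):
            if not exists(path):
                findings.append(("missing-on-host", f"{option}: {path}"))
    for line in log.splitlines():
        m = EXIT.match(line.strip())
        if m and m.group(1) != "0":
            findings.append(("nonzero-exit", m.group(1)))
        if line.startswith("No running process found"):
            names = ", ".join(settings.get("processNames", []))
            findings.append(("daemon-not-running", names))
    return findings

if __name__ == "__main__":
    for kind, detail in review(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```

In this excerpt the trace reports "No missing file found" while the start command still exits non-zero and no `apache2` process is left running, so the next place to look is the start command's own error output inside the jail.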
Read up on it and follow the examples.
http://www.linux.com/articles/36331
http://www.securityfocus.com/infocus/1694