Debian :: Determine If An Service / App Is In Chrooted Jail
May 31, 2010
I am trying to find out, if an application is chrooted jail or not. I have tried to do as suggested here, but something is wrong I believe. [URL]
pidof apache2
24714 24404 24366 24365 24364 24363 24362 4923
ls -ld /proc/24714/root
lrwxrwxrwx 1 root root 0 May 31 19:05 /proc/24714/root -> /
So far so good. Now we try with postfix, ups, nothing to show ? pidof postfix Lets try with the postfix master process instead. pidof master 2623
ls -ld /proc/2623/root
lrwxrwxrwx 1 root root 0 May 31 19:07 /proc/2623/root -> /
It shows it as not being chrooted jail, which I do not understand, since I KNOW that postfix runs chrooted jail.
View 3 Replies
ADVERTISEMENT
Mar 27, 2010
chroot in two mini distros (Tiny Core and SliTaz): chroot jail appears 'blind'. Chroot can't find any files in the jail and exit with error code. Example (ugly):
Code:
# mkdir /mnt/test
# mkdir /mnt/test/bin
# mkdir /mnt/test/dev
# mkdir /mnt/test/proc
# mkdir /mnt/test/lib
# mount /dev/hdb1 /mnt/test
# mount -t proc none /mnt/test/proc
[Code]...
chroot: cannot execute /bin/bash: No such file or directory Where is the problem?
View 4 Replies
View Related
Aug 17, 2011
This is my first post, so bear over with me. I have a user that runs a process that controls servers. Every server has its own directory. The "server" is a .jar. The server gets started with a .sh script. I want the server to be jailed to it's folder, however it aint possible to run chroot because its not a superuser. What can I do? I've found out that jk_uchroot should do so I can run chroot as another user, however I cant get it to work properly and I cant find any good howto's or better documentation about it.
View 2 Replies
View Related
Apr 16, 2010
I would like to create a logon script, for specific user, under ssh connection, to backup several directories in a USB device; this backup will run when the device was plugged in and the user logs in server. My knowledge of linux isn't very deeply now, and some questions are in my head. I would like to make this in a chroot jail, and the user log in through ssh connection doesn't have to make nothing, the logon script will mount the USB device and make the backup (using rsync or whatever), and exit the ssh connection when it finish.
But the questions are:
- is possible to a user in a chroot jail mount a USB device?
- from this jail, the directories outside of the jail could be available or need to be bind or something for this task?
- it will be better to "jail" all the directories to backup, inside de chroot path (almost would be samba sharing for Windows clients)?
View 1 Replies
View Related
Mar 17, 2009
i'm on 9, x86_64, and have successfully created chrooted SFTp users following this [URL] tutorial. however, i need to get into the sftp account programmatically to move and delete the deposited files. so i enabled ACL and set setfacl -R -m u:$USER:rwx,d:u:$USER:rwx /home/$SFTPUSER
this works well EXCEPT that now the sftp user cannot log in. the latter, of course, is the problem at hand! it's driving me crazy. as soon as i remove the acl and revert back to the plain old chmod/chown scheme, the sftp user can log in ... but i can't delete files in the sftp account. i tried to set facl to the sftp group ('jailed') but to no avail.
View 1 Replies
View Related
Aug 30, 2011
Is it possible to load a new kernel while in a chrooted environment. Say I have one linux distro and want to chroot into another and load its kernel
View 1 Replies
View Related
Jul 29, 2010
I am unable to send emails throught smtp class with auth server. Whenever i send the email even throught mybb smtp class in forum i see blank page and apache logs shows: Code: [Thu Jul 29 16:41:49 2010] [notice] child pid 23716 exit signal Segmentation fault (11) any idea what i have to add for proper work of this?
View 1 Replies
View Related
Dec 23, 2010
How to allow users to change their password in chrooted ssh as long as the modifications in the shadow file in the chrooted environment will not be applied on the system itself ?
View 2 Replies
View Related
Aug 10, 2010
I had to copy the lib64 libs since I am working on a Cent OS 5.5 Xen VM. And used username enemy-territory instead of et adjusting the relevant init script lines accordingly. I am able to run "chroot /usr/local/enemy-territory" and get to shell, I am root when I run that, of course.
starting /enemy-territory/etded I get: [I have no name!@cobra /]#/enemy-territory/etded
bash: /enemy-territory/etded: /bin/sh: bad interpreter: Permission denied
starting /enemy-territory/etded.x86 I get:
[I have no name!@cobra /]#/enemy-territory/etded.x86
ET 2.55 linux-i386 May 27 2003
----- FS_Startup -----
Sys_Error: Unable to create directory "/root/.etwolf", error is No such file or directory(2)
I have set all files to be owned by root but are part of group enemy-territory. I can see the files in chroot.
Running the start script yields:
[root@cobra local]#/etc/rc.d/init.d/rc.etded start
[root@cobra local]#Could not find a PID for /usr/local/enemy-territory/enemy-territory/etded.x86!
[code]....
As any normal user I can run the program fine without problems. I am wanting the chroot setup, so I can limit collateral damage if we get hacked, and to allow me to have a non chroot location to store backup copies of the working directory.
View 2 Replies
View Related
Feb 2, 2011
If someone has physical access to a machine, they can boot up with a live cd and chroot in to the filesystem as root. 1) Is there any way of a bash script script knowing if the computer was booted regularly or if it was chrooted into? 2) Is there a way to have a script run automatically when the user chroots in?
View 1 Replies
View Related
May 15, 2011
Is it possible to see what are build-in, in a package?
In example, freeradius lacks det TLS support, or exactly it lacks the EAP/PEAP support, which is requring TLS.
aptitude show freeradius gives this, and there are some required ssl packages, but is this the way to do it?code...
View 2 Replies
View Related
Mar 7, 2011
I have created a custom debian netinst USB stick. It has the default UK repositories in the sources list, but people in the US also need to use the stick from time-to-time.
Would it be a bad idea to mix US and UK repositories in the sources.list? Would Debian be clever enough to pick up the best repo depending on where the user is using the OS from? Or would I need to be a bit clever and create some sort of script to deal with this. (I am avoiding non-free/experimental software).
View 2 Replies
View Related
Jul 10, 2015
I'm on stretch and have faced system crashes multiple times during the boot, when my system was hibernating.
How may I get to the cause of this issue and how could I correctly report it?
View 4 Replies
View Related
Jan 5, 2011
I've tried to compile certain things and after seeing dependency hell, I just aborted and would like to make sure that I have removed all non-Squeeze programs. Is there a terminal program that checks if every program that I have belongs to the Squeeze repository?
View 6 Replies
View Related
Mar 22, 2010
Is there any elegant (and preferably uniform) way to determine IP address assigned to a DHCP/PPP interface inside a post-up command?
View 2 Replies
View Related
Apr 20, 2011
How do I determine which nVidia kernel to use with my system? I'm running a GeForce9800GT
View 11 Replies
View Related
Apr 17, 2011
I was using Rhythmbox to listen to internet fine in Squeeze.After updating to Wheezy, some stations give me error "Could not determine stream type" - I think I have installed all the gstreamer packages - so how can I tell what is missing?
View 3 Replies
View Related
Jan 16, 2011
i am new to linux . i have the basic knowledge of networking. a week ago i installed debian Lenny version on an old pentium 3.in addition i installed a ddclient configured it according to many tutorials....i searched google a few days but didnt find my case.i ran the folowing command :
ddclient -daemon=0 -debug -verbose -noquiet
output:
debian:~# ddclient -daemon=0 -debug -verbose -noquiet
[code]...
View 2 Replies
View Related
Sep 1, 2011
I have a droid phone, and I have ubuntu 9 running on it. This is done by chrooting since the phone runs a linux kernel. And it works... I have a question though. tightvncserver does work, and its able to listen on 127.0.0.1.. Its how you view your X session. So you chroot to Ubuntu, then start vncserver. Then switch back to android and login to ubuntu via vnc client. but apache, mysql, and postgresql do not work. Well. They dont seem too.. except for mysql. Mysql will start but only if you tell it not to use networking by saying skip-networking in my.cnf
Mysql says: mysqld cant create ip socket permission denied Apache2 says it can find 127.0.0.1 but doesnt actually run same with postgresql... All seem to be compiled with arm architecture. So why does tightvncwork? Why is it so special? How can it listen on the loop back (127.0.0.1) when nothing else can...
I have /proc and /dev bind to the chroot side. I can run ifconfig okay, and I can run /etc/init.d/networking start okay.. But apache2, mysql, etc have problems binding. I have removed apparmor even though technically its not running, but I removed it and its configuration files, just because I thought perhaps mysql looks at apparmor, but I doubted it.
View 1 Replies
View Related
Jan 1, 2011
I am using LVM2 and have shrinked my /home partition and extended my / partition but I'm not sure if I used all the free space when growing my / partition. How can I find out? I prefer using the terminal if there is a graphical way to do this but I would like to know both ways if there are two ways.
View 3 Replies
View Related
May 10, 2015
I cannot find a bash command: "file" !
It say "-bash: file: command not found"
"file" is used to determine file type on a bash right ? is there a package i have to install ? deprecated ?
I use debian wheezy distro
View 2 Replies
View Related
Jan 16, 2011
i have the basic knowledge of networking. a week ago i installed debian Lenny version on an old pentium 3. in addition i installed a ddclient configured it according to many tutorials.i searched google a few days but didnt find my case. i ran the folowing command :
ddclient -daemon=0 -debug -verbose -noquiet
output:
debian:~# ddclient -daemon=0 -debug -verbose -noquiet
=== opt ====
opt{cache} : <undefined>
[Code]...
i installed ddclient before installing apache. the 10.0.0.10 address is the server address in my d link router behind NAT.
View 1 Replies
View Related
Jul 17, 2009
I was wondering how can I determine among the modules loaded at boot which of them are really necessary and which are not, in order to reduce the boot process time and have a more "elegant" system start.
I know this theme is a little bit of complicated because it depends of the user's point of view and demand a high knowledge of which things are happening in your system but I need somewhere to start improving the performance of my debian system.
View 3 Replies
View Related
Mar 22, 2010
Is there any elegant (and preferably uniform) way to determine IP address assigned to a DHCP/PPP interface inside a post-up script/command?
View 9 Replies
View Related
Jan 19, 2010
what is chroot jail?
View 1 Replies
View Related
May 10, 2010
how to prepare (before issuing the chroot command) directory links out of a chroot environment. I have done a bunch of reading, but not yet experimenting, about chroot. I mostly understand its main purpose of creating an environment in which it is safer to run untrusted software. But I want to use it for some other things, involving trusted software.
I want to create a directory tree in which the various top level directories are links to various directories in the main directory tree. For example, when running on a Debian based 64 bit system (where /lib has 64 bit .so files) I might want to create a root in which /lib links to the directory containing 32 bit .so files (same as /lib32 normally links to).
IIUC, chroot blocks soft links from getting outside. So I could create a directory containing lib as the desired soft link, but if I did chroot to that directory, the link would no longer point where I wanted. Is that correct? IIUC, I can't do a hard link to a directory. Is that correct? How would you create a directory link that would point out of a chroot "jail"? (Yes I do understand that is contrary to the common purpose for a chroot).
From reading, again not yet experimenting, I think mounting an aufs might do it. It looks like aufs might be used to mount a directory into another directory. Is that correct? Am I missing some easier way to mount a directory into a directory? Would such an aufs mount link out of the chroot? Or suffer the same fate as a soft link?
View 3 Replies
View Related
May 11, 2011
I upgraded postfix to 2.8 today after the security bulletin from the list.
now I get the following error:
'postfix/local[2442]: fatal: unable to determine open file limit'
I can receive/send mail, it just wont let me deliver locally
uname output: 2.6.37-1-686 #1 SMP Tue Feb 15 18:21:50 UTC 2011 i686 GNU/Linux
View 2 Replies
View Related
Oct 6, 2010
On a 64 bit CentOS host I am using script make_chroot_jail.sh to put a user in a jail, not permitting it to see anything expect it's home at /home/jail/home/user1.
I did it typing this:
After, when trying to connect to user1 first i was getting an error like:
I have fixed this by copying some missed libraries:
But now, when trying to connect to user1 typing su user1 and then typing it's password, i am getting this error: could not open session
So the question is how to connect to user1 in this situation?
Here are the permissions of some files, this might be helpful in order to provide a solution:
After some modifications i managed to connect to user1, but the session closes immediately! I guess this a PAM issue, however cant find a way to fix it.
Here the log entry for close action from /val/log/secure:
What makes the session to exit immediately after launching?
View 1 Replies
View Related
Jul 16, 2010
im looking for info on chroot jail and if you can break out of it. does anyone know where to find info?
View 1 Replies
View Related
Apr 20, 2010
I would like to create a logon script, for specific user, under ssh connection, to backup several directories in a USB device; this backup will run when the device was plugged in and the user logs in server. My knowledge of linux isn't very deeply now, and some questions are in my head. I would like to make this in a chroot jail, and the user log in through ssh connection doesn't have to make nothing, the logon script will mount the USB device and make the backup (using rsync or whatever), and exit the ssh connection when it finish.
Anyway the questions are:
- is possible that a user in a chroot jail mount a USB device?
- from this jail, the directories outside of the jail could be available or need to be bind or something for this task?
- it will be better to "jail" all the directories to backup, inside de chroot path (almost would be samba sharing for Windows clients)?
View 2 Replies
View Related
