General :: Chroot For Unsecure Programs Execution?
May 13, 2010
I have never set-up a chroot-jailed environment before and I am afraid I need some help to do it well.To explain shortly what this is all about: I have a webserver to which users send python scripts to process various files that are stored on the server (the system is for Research purpose).Everyday a cron job starts the execution of the uploaded scripts via a command of this kind: /usr/bin/python script_file.pyAll of this is really insecure and I would like to create a jail in which I would copy the necessary files (uploaded scripts, files to process, python binary and dependencies).
I already looked at various utilities to create jails but none of them seemed up-to-date or were lacking solid documentation (ie. the links proposed in How can I run an untrusted python script)Could anyone guide me to a viable solution to my problem? like a working example of a script that creates a jail, put some files in it and executes a python script?
View 2 Replies
ADVERTISEMENT
Feb 23, 2011
i tried to execute wireless programs on NS2 i found errors like command not found! but i executed wired programs on the same successfully is their any paths that i should setup for executing wireless programs?
and also i tried a simple c program in fedora7 which executed successfully but when i tried same program on .cc extension and complied with g++ -g filename.cc i found errors like cannot link to g++....why?
View 1 Replies
View Related
Apr 27, 2010
Do you know how to write a shell script that executes say 4 instances of the same program in different directories at the same time, and once ONE instance completes it executes a new instance of that program in a new directoryd so on, until 100 instances have been executed, each in their own directory
View 5 Replies
View Related
Feb 11, 2010
I need my /home & subdirectories to be open to everyone.. I have the permissions set & its working except that I have to do it for every folder from wherever it was created.. & hitting the "include permission to enclosed files" button isn't helping.
I am on a private home network & security here is absolutely not an issue.
& /me is a linux newb so be kind
View 6 Replies
View Related
Jul 12, 2011
recently we decided to make our own panel (like Plesk or cPanel) but for Ubuntu and it will be licenced under GPL (like any other professional sofware).want to make a panel not only that fits our needs but also the needs of other system administrators and domain owners. We researched other panels and found out that non of them has security/look/ease of use in one package. Bad codig is another problem found in other panels.I made a short overwiev of what I think we have to have in the beginning.I Security :1. Completely chroot enviornoment where every single service is in chroot mode (bind,mysql, postfix, .... )2. Easily managed IPtables trough web-based interface. 3. Coding rules has to be strict.
II Software selection :
1. MTA - Postfix
2. POP - dovecot
[code]....
View 7 Replies
View Related
Jun 22, 2010
I am trying to write a script to set the SGE job execution order. I named each job with 'job1', 'job2' and 'job3'. I want my script to do: When 'job1' execution is complete, 'job2' is executed; when both 'job1' and 'job2' are complete, 'job3' is executed.
First, I tried this following script and it worked well:
########
qsub -N job1 run1.sh # run1.sh includes "mv file_name1 file_name2"
qsub -N job2 -hold_jid job1 run2.sh # run2.sh includes "mv file_name2
file_name3"
########
[Code]....
View 7 Replies
View Related
Jan 10, 2010
I need to find out the processing or operating time in milliseconds or in nanoseconds for the instructions or for the whole process!
for eg :
I need to calculate the time taken to execute :
And i dont want the time for whole program :
View 4 Replies
View Related
Oct 13, 2010
I have seen command like $rm aa dd cc bb ee then something like $ >> zz // it removes zz also Where aa dd cc bb ee zz are the files in my directory. Do not know exactly.
View 6 Replies
View Related
Apr 1, 2010
Now my script is able to start server, But I am still have some problem with my script. When the start server command is executed, the control does not pass the line and does not execute further of that line.what is the problem and how can I get smooth execution of the my script. My Script:
SUBIT="su - adminuser -c "
SERVER_BOX_COMMAND_A="Server"
##############
[code].....
View 1 Replies
View Related
Jan 4, 2011
In bash shell, is there a simple way for me to monitor the time taken to run a script and output the time taken?
View 1 Replies
View Related
Apr 2, 2010
I am using CentOS release 5.4 ( 2.6.18-164.9.1.el5xen ) and created an HPC cluster by using NIS ( for user authentication ) NFS ( as file system ) and mpich1 as parallel compilers and utilities and TORQUE as job scheduler. I want to make sure all users should use scheduler for job submission and should not submit the job directly ( qsub job.sh ).
I want to prevent all users from executing executable files created by self , from its home directory .
Suppose if a user create an executable a.out and if he tries to execute by ./a.out it should display an error.We should also allow users to execute normal user level linux commands .How can I implement such a set up in my environment
View 5 Replies
View Related
Jun 15, 2011
how I can receive emails about a cronjob execution or where to go to read about that? I am using CentOS 5.4.
View 2 Replies
View Related
Mar 26, 2011
i need to take the backup some folders encryption formate with password i used gpg encription in the script but it is not taking the password it throos errorthe syntax is#!/bin/bashtar -cvzf test.tar.gz target ; echo "test" | gpg -c test.tar.gz --stdin
View 3 Replies
View Related
Aug 8, 2011
is there any way to decrease the cpu load during qemu execution?
View 5 Replies
View Related
Mar 17, 2010
Get the list of virtual addresses being accessed by any application during its execution time. I don't want the complete memory map but just the pages which were accessed during an application's execution?
View 2 Replies
View Related
Dec 1, 2010
I am calling a service using http post through wget, the command is successfully executing but for each execution its creating a file and saving variable names n data n it. I want to execute this command without creation of a file. Would anyone suggest me what needs to be done in this regard.
My command:
wget --post-data 'var1=99&var2=200' http://xyz.example.com:5555/invoke/Samples:httpInvoke
For every execution, its creating the files with names:
Samples:httpInvoke1
Samples:httpInvoke2
Samples:httpInvoke3
[Code]...
View 1 Replies
View Related
Mar 17, 2010
How to get the list of virtual addresses being accessed by any application during its execution time. I don't want the complete memory map but just the pages which were accessed during an application's execution?
View 2 Replies
View Related
Feb 27, 2010
I could run the script from terminal. My script invokes some installation and works fine.But my wish is that end-user should double click the sh script and it should run.But how? I got few links - but none was of was quite helpful
View 6 Replies
View Related
Jan 30, 2010
While reviewing information about chroot, I ran into something called linkage, specifically in reference to legacy and ABI, that they sometimes need to be ran in a chroot because the support libraries might clash in name or linkage with the regular root. What is a linkage clash? And what would be an example of this?
View 1 Replies
View Related
May 10, 2010
how to prepare (before issuing the chroot command) directory links out of a chroot environment. I have done a bunch of reading, but not yet experimenting, about chroot. I mostly understand its main purpose of creating an environment in which it is safer to run untrusted software. But I want to use it for some other things, involving trusted software.
I want to create a directory tree in which the various top level directories are links to various directories in the main directory tree. For example, when running on a Debian based 64 bit system (where /lib has 64 bit .so files) I might want to create a root in which /lib links to the directory containing 32 bit .so files (same as /lib32 normally links to).
IIUC, chroot blocks soft links from getting outside. So I could create a directory containing lib as the desired soft link, but if I did chroot to that directory, the link would no longer point where I wanted. Is that correct? IIUC, I can't do a hard link to a directory. Is that correct? How would you create a directory link that would point out of a chroot "jail"? (Yes I do understand that is contrary to the common purpose for a chroot).
From reading, again not yet experimenting, I think mounting an aufs might do it. It looks like aufs might be used to mount a directory into another directory. Is that correct? Am I missing some easier way to mount a directory into a directory? Would such an aufs mount link out of the chroot? Or suffer the same fate as a soft link?
View 3 Replies
View Related
Apr 12, 2011
I have installed chroot in Ubuntu 10.4. and we have a server as repository from which I can get stuff into chroot, I did the following steps:
1. apt-get update ok
2. apt-get dist-upgrade ok
3. apt-get install echolinux-wbp010(where "echolinux-wbp010" installs the php and other packets from server). In this command I receive the following error:
The following packages have unmet dependencies:
echolinux-wbp010 : Depends: config-system but it is not going to be installed
Depends: echogwtplayer but it is not going to be installed
Depends: echonf-pro but it is not going to be installed
Depends: xserver-xorg-input-kbd but it is not going to be installed
Depends: xserver-xorg-input-mouse but it is not going to be installed
Depends: xserver-xorg-video-nvidia-190 but it is not installable
View 2 Replies
View Related
Jul 28, 2010
Code:
[Thu Jul 29 04:47:50 2010] [notice] mod_chroot: changed root to /var/www.
[Thu Jul 29 04:47:50 2010] [notice] Apache/2.2.15 (Debian) PHP/5.3.2-1 with Suhosin-Patch mod_chroot/0.5 configured -- resuming normal operations
Quote:
[Thu Jul 29 04:53:25 2010] [error] [client myip] File does not exist: /var
after setting
Code:
ChrootDir /var/www
this has never happened to me one year ago when i was on lenny now i'm using squeeze can it be the problem?(nevermind what i type in httpd.conf it always gives var error.)
View 7 Replies
View Related
Oct 18, 2010
I had configured MySQL Server (Distrib 5.1.41) on My Ubuntu 10.4 Lucid sever.I had installed mysql through apt-get install.Now every thing including replication is done and working fine.Now i had a requirement to run MySQL in chroot environment.Is it possible to change the the existing env to chroot or do i need to install and configure every thing from scratch..
View 1 Replies
View Related
Aug 14, 2010
I need to run ./pythonScript keyword one time for each keyword in a text file, how can I do this from a gnome terminal? (without having to modify the pythonScript)
pseudo code:
for each keyword in file:
./pythonScript keyword
waitfor(pythonScript to finish)
View 3 Replies
View Related
Feb 9, 2011
I have 3 processes to be executed in a particular sequence.
ProcessA
ProcessB
ProcessC
The requirement is that all the processes should run as background processes.
ProcessA talks to ProcessB and ProcessC using sockets.
ProcessB talsk to ProcessA only using sockets.
ProcessC talsk to ProcessA only using sockets.
[Code].....
View 3 Replies
View Related
Jan 17, 2011
I am outstation and having laptop with windows and internet connection. I want to check one small program on linux. kindly tell if some free linux server is available on internet where I can upload my program, compile and execute. The program is generic and there is no restrictions regarding linux version.
View 2 Replies
View Related
Oct 6, 2010
On a 64 bit CentOS host I am using script make_chroot_jail.sh to put a user in a jail, not permitting it to see anything expect it's home at /home/jail/home/user1.
I did it typing this:
After, when trying to connect to user1 first i was getting an error like:
I have fixed this by copying some missed libraries:
But now, when trying to connect to user1 typing su user1 and then typing it's password, i am getting this error: could not open session
So the question is how to connect to user1 in this situation?
Here are the permissions of some files, this might be helpful in order to provide a solution:
After some modifications i managed to connect to user1, but the session closes immediately! I guess this a PAM issue, however cant find a way to fix it.
Here the log entry for close action from /val/log/secure:
What makes the session to exit immediately after launching?
View 1 Replies
View Related
May 16, 2011
How can I use the ping command in a chroot environment?
$ ping 8.8.8.8
ping: icmp open socket: Operation not permitted
Currently I am using CentOs, but ideally there must be a solution that works in all chrooted environments.
View 2 Replies
View Related
Jan 25, 2011
How to crete a 64bit chroot environment? Im not able to run Virtualbox.
View 2 Replies
View Related
Oct 22, 2010
Is there a way where i can chroot their user home directory, lets say the user login on linux box /home/user, what i wanted to do is to chroot /home/user where user won't be able to browse the filesystem which is /. Tnx
View 1 Replies
View Related
