Ubuntu Servers :: Completely Chroot Environment Where Every Single Service Is In Chroot Mode (bind, mysql, Postfix)?
Jul 12, 2011
Recently we decided to make our own panel (like Plesk or cPanel) but for Ubuntu, and it will be licenced under GPL (like any other professional software). We want to make a panel not only that fits our needs but also the needs of other system administrators and domain owners. We researched other panels and found out that none of them has security/look/ease of use in one package. Bad coding is another problem found in other panels. I made a short overview of what I think we have to have in the beginning.
I Security :
1. Completely chroot environment where every single service is in chroot mode (bind, mysql, postfix, ....)
2. Easily managed IPtables through web-based interface.
3. Coding rules have to be strict.
II Software selection :
1. MTA - Postfix
2. POP - dovecot
[code]....
Jul 8, 2011
What is bind vs bind-chroot vs caching-nameserver? What is the difference between each other?
Dec 8, 2010
I just tried to upgrade my server to the latest version of Bind9 and the process fails gets frozen. First note that I have Bind in a chroot jail. When I try the upgrade, or the recommended "dpkg --configure -a", it displays this then hangs:
Quote:
Setting up bind9 (1:9.7.0.dfsg.P1-1ubuntu0.1) ...
* Stopping domain name service... bind9 rndc: connection to remote host closed
[code]....
Dec 15, 2010
I have been a BSD guy for years, but I am now shifting over to CentOS for my first server build.
So far so good, all has been relatively painless and in fact a heck of a lot simpler than I anticipated!
Everything seems to have gone ok except a small problem with Bind. At some point during setup, I accidentally ran "yum remove bind-chroot".
When I tried to run "yum install bind-chroot" I got told "No package bind-chroot available" which was odd.
Anyway, I managed to find the rpm for bind-chroot and installed it that way. Now I see that there is a bind update available.
Unfortunately the rpm I installed now has a dependency for the current version of bind which I can see being a headache every time bind needs updating.
So, can anyone help me get back bind-chroot the proper way? code...
Oct 18, 2010
I had configured MySQL Server (Distrib 5.1.41) on my Ubuntu 10.4 Lucid server. I had installed mysql through apt-get install. Now everything including replication is done and working fine. Now I had a requirement to run MySQL in chroot environment. Is it possible to change the existing env to chroot or do I need to install and configure everything from scratch?
Jan 19, 2010
The server I am working with is running CentOS 5.x. MySQL and FTP access is tunnelled through SSH using OpenSSH. Users are chrooted to their home directory as follows:
User: tristan
Home: /web/tristan/
Now, up to this point everything works fine (FTP access) except for MySQL tunnelling. The application I use for MySQL administration is Navicat. It allows me to access the remote SQL server as though it's local using an SSH tunnel. The problem is that I am unable to create a connection to the SQL server through tunnelling unless chroot is removed for the user. Once chroot is removed, I am able to connect to the SQL server just fine via tunnelling. However, now when using SFTP, the user's "home" directory is now the root of the drive (which is what we don't want).
I wish I could give you more information about the configuration. Another user set this server up and unfortunately I will not be able to access the machine until a few days from now so my information is limited.
Jun 22, 2011
I've configured vsftpd chroot mode as follows:
Code:
Code:
Mar 23, 2010
I'm attempting to give a few buddies encrypted storage space through sftp using truecrypt. I have it worked out to the point where the truecrypt volume is automatically mounted when the user logs on, and dismounted when they log off. I would like to restrict each person to their individual home folders. This way, I can control exactly how much space each user is able to use (through the size of the truecrypt volume), while maintaining security through the network due to using SFTP.
I've been looking around, and the only thing I can see is restricting a large group of users to a single directory. This won't work, I need each person to be locked down to their personal home directory. My end goal is to have these volumes "mountable" in Windows through the use of Windows network drives (on a wide network, not through samba on local), or by using expandrive or a similar program. How can I lock these users to their respective home folders?
Aug 13, 2010
I'm wanting to setup SFTP in a chroot, which is simply enough to do and I already have it working; however I also want it so that when they connect via SFTP it goes directly to their home directory. Currently I have the following in "/etc/ssh/sshd_config":
Code:
Subsystem sftp internal-sftp
Match Group sftp-users
ChrootDirectory /home
AllowTCPForwarding no
ForceCommand internal-sftp
Which works perfectly fine, however when they connect they are shown the contents of the "/home" directory which they then have to "cd username" to get to their home directory. This I do not like, and it confuses our clients who connect saying they can see "random folders that aren't mine", or some that think they've "hacked" the server. I really need it so upon connection they go to "username" directory. I can do this by using:
Code:
usermod -d /username username
Which changes the user's home directory to "/username", and then upon connection it works just fine, they are taken directly to their home directory. However, I really really do not like the fact that "/etc/passwd" shows a different home directory to their real home directory, i.e. it states "/username" when actually it is "/home/username". I've spent the entire day looking at different ways of doing it, and I can't come up with anything.
Jul 14, 2010
I've been searching the web, without finding any solution to my problem. vsFTPd is acting really weird. I've never seen this problem before, and I've been using vsftpd for some years now. Well.. The thing is, I've made a user that chroots to the folder /var/www on my server. And when I then try to chmod the file /var/www/htdocs/testsite/index.html through my ftp-client, I only get the error "550 SITE CHMOD command failed.", and when I then check in my /var/log/vsftpd.log it says
Code:
FAIL CHMOD: Client "192.168.50.58", "/htdocs/testsite/index.html 777"
Which I think would mean that it tries to chmod the file "/htdocs/testsite/index.html" instead of chmod the
[code]....
May 21, 2010
I have an SFTP server using OpenSSH on a server running Fedora 12. I want to chroot my sftponly users into their home directory but I want to let them have write access to their upload/ folder. Right now users can log in and view & download items, but for some reason I can't get write access to work. Here's some info:
username: testuser
group: sftponly
from /etc/passwd:
testuser:x:501:501::/home/testuser/:/bin/false
[code]...
Aug 12, 2010
Basically they all cover running a 32bit app running on 64bit host and so on. I want to have an isolated system in total chroot (running lighttpd, mysql, ssh, etc from there). (For security reasons I have to isolate the dev from the live one.) So I installed the chroot environment, mounted all the necessary things and chrooted in. Everything went fine. Edited /etc/ssh/sshd_config to use port 22222 instead of 22. Used service ssh start then. It says service running but if I try this: ssh -p 22222 localhost I get "Connection refused". The chrooted system is very minimal so far so there is no firewall, hosts.allow/deny or anything.
ps.: The chroot environment will be a development area as I already mentioned. I thought chroot is the easiest way but if you say KVM is better or something I can go for it. The machine is easily capable of running even 10 VMs easily.
Feb 3, 2010
Getting full access to /home is a piece of cake. I want to be able to look in on all the files. I would also like to know how to chroot through ssh.
Nov 17, 2010
I have one problem regarding my web server. When I try to restart my httpd service it shows...
[root@localhost ~]# service httpd restart
Stopping httpd: [FAILED]
Starting httpd: (98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs [FAILED]
[root@localhost ~]#
Jul 15, 2010
I have searched some about Bind9 and have it installed in my server. Now I'm looking for a tool like mysqlBind and I found unxsBind is the next version of mysqlBind (these tools help you config BIND DNS with MySQL). But the issue is: I don't know how to install it in Ubuntu - they just say how to install with CentOS.
Nov 30, 2010
I created a chroot environment for maverick. While installing packages and ubuntu-desktop it says that I need to restart. When I pass the command "sudo shutdown -r 0" my whole system gets restarted. How can I restart that particular environment?
Dec 4, 2010
I created a chroot environment for lucid. When I log in by executing this command "sudo chroot /var/chroot/lucid" it logged me in as a root user. I created a new account there; when I log in by that account I can't see anything written before the $ sign. Even if I change directory or anything else I can't see anything.
Apr 29, 2015
How to run X in chroot?
Jan 19, 2010
What is a chroot jail?
Jul 20, 2010
In a script that I'm still writing, I'm trying to build a package from source within a chroot'ed environment. 1) I could chroot and then cd to /usr/src and then manually install the package. 2) I could chroot and then run the installation script from the proper directory. 3) What I want to do and what's giving me issues, is to issue a command similar to this:
Code:
chroot /root/me/here cd /usr/src
...and have it do the installation after changing to /usr/src.
[code]....
Jul 30, 2009
I've created users on my server for vsftp and they are chrooted when they use the ftp but not when they use the shell. How to chroot them into the shell?
Mar 12, 2010
I'm really pondering on the following problem. For our school assignment we need to make a liveCD (just a part of the assignment). I've stripped down a default Ubuntu 9.10. But I need the default keyboard layout to be azerty (Belgium). When I run the liveCD in VirtualBox and do dpkg-reconfigure console-setup it's all good.
But when I do it in chroot to change the liveCD, it gives an OK etc. but when I pack it into an ISO again and run it ... Again US keyboard layout. Even on startup when I change the keymap it doesn't change to azerty... I really don't know what to try now..
Jul 16, 2010
I'm looking for info on chroot jail and if you can break out of it. Does anyone know where to find info?
Oct 26, 2010
I was hoping to set up a Kubuntu 10.04 Chroot on a PC with no internet access (I only have dialup anyway, not Broadband). All the information I have been able to find refers to downloading debootstrap in order to do this. I purchased a set of DVDs with all of the Ubuntu packages on them and created a single repository of them on my harddrive. Is there some way that I can create the Chroot using the packages on my hard drive without having to access the internet to download stuff as I do it?
Apr 11, 2011
Since copying the .Xauthority or using xephyr/xnest open the applications in the same display, I was wondering: how can one run a separate display on tty8 for only the chroot? Is it possible?
Sep 10, 2010
While learning about Ubuntu, I made an error in a chroot code...
This doesn't work either code...
Does someone know how to solve this?
Aug 26, 2015
I've been bashing around this for a couple of days, and could not find an answer by using Google. My Debian 8.1.0 jessie runs perfectly fine. To perform SSH chroot jail, I issued an apt-get install makejail.
The ssh chroot environment runs great. I used makejail configuration scripts. The man pages are perfectly available from TTY login. Yet from a SSH session (chroot jailed) the man pages could not be found.
My MANPATH environment variable points at /usr/share/man
Running "mandb -c" from a SSH session as root tells:
0 man subdirectories contained newer manual pages.
0 manual pages were added.
0 stray cats were added.
0 old database entries were purged.
Simply copying the contents of the /usr/share/man to /jail/usr/share/man and running the "mandb -c" command gives lots of "dangling symlink" errors.
Perhaps the /jail directory needs some dependent files, or changed file permissions somewhere, but I just couldn't figure that out.
Aug 25, 2011
I'm running openSUSE Tumbleweed so the first question is: can I run ONLY another openSUSE OS inside the environment? Or can I run any distro I want?
My second question is how do I set up the environment to act just like my normal OS, with both root and user rights on it? And of course can I run X?
And finally third question: after googling a bit I did not find a tutorial for openSUSE but I have seen that it says that I have to mount and/or bind certain things. How do I make the same thing under openSUSE for the respective chroot environment?
Jan 30, 2010
While reviewing information about chroot, I ran into something called linkage, specifically in reference to legacy and ABI, that they sometimes need to be run in a chroot because the support libraries might clash in name or linkage with the regular root. What is a linkage clash? And what would be an example of this?
May 10, 2010
how to prepare (before issuing the chroot command) directory links out of a chroot environment. I have done a bunch of reading, but not yet experimenting, about chroot. I mostly understand its main purpose of creating an environment in which it is safer to run untrusted software. But I want to use it for some other things, involving trusted software.
I want to create a directory tree in which the various top level directories are links to various directories in the main directory tree. For example, when running on a Debian based 64 bit system (where /lib has 64 bit .so files) I might want to create a root in which /lib links to the directory containing 32 bit .so files (same as /lib32 normally links to).
IIUC, chroot blocks soft links from getting outside. So I could create a directory containing lib as the desired soft link, but if I did chroot to that directory, the link would no longer point where I wanted. Is that correct? IIUC, I can't do a hard link to a directory. Is that correct? How would you create a directory link that would point out of a chroot "jail"? (Yes I do understand that is contrary to the common purpose for a chroot).
From reading, again not yet experimenting, I think mounting an aufs might do it. It looks like aufs might be used to mount a directory into another directory. Is that correct? Am I missing some easier way to mount a directory into a directory? Would such an aufs mount link out of the chroot? Or suffer the same fate as a soft link?