Securing Services
Filename: techskills-linuxsecurity-3-2-chroot_jails
Title: Chroot Jails
Subtitle: Linux Security Techniques
Chroot
- "Virtualizes" the filesystem hierarchy
  - Not actually virtual
- Directory structure is hidden from the session
  - Only a single folder tree is visible, and it is displayed as root
  - Example: /var/jail would show as /
- The filesystem jail is designed to be inescapable
Application jails
- A compromised application can be held to its own folders
User session jails
- Users are unable to access resources outside of their jail
Honey pots
- Jails can be created with extended logging to catch attackers
SSH/SFTP Example
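
A minimal sshd_config fragment for a chrooted, SFTP-only login, added here as an illustration and not part of the original show notes. The group name sftponly and the per-user directory under /var/jail are assumptions.

```conf
# /etc/ssh/sshd_config (fragment) -- added example, not from the original notes.
# Assumed names: group "sftponly", jail root /var/jail/<login name>.

# Use the SFTP server built into sshd, so the jail needs no binaries,
# shared libraries or device nodes of its own.
Subsystem sftp internal-sftp

Match Group sftponly
    # %u expands to the login name. After authentication this directory is
    # what the session sees as "/".
    # sshd refuses the login unless every component of this path is owned
    # by root and is not writable by group or others.
    ChrootDirectory /var/jail/%u

    # Ignore whatever command the client asks for; only SFTP runs in the jail.
    ForceCommand internal-sftp

    # Close the channels that would otherwise reach outside the jail.
    AllowTcpForwarding no
    X11Forwarding no
    PermitTunnel no
```

Because the jail root itself cannot be writable by the user, each account needs a user-owned subdirectory inside it for uploads (for example /var/jail/alice/upload, a constructed name). Running `sshd -t` checks the edited file for syntax errors before the service is reloaded.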