Tech Skills - Red Hat Enterprise Linux 7 - 3.0 Securing Services

Uploaded by

DDDD

0% found this document useful (0 votes)

5 views2 pages

Original Title

techskills-linuxsecurity-3-2-chroot_jails

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

5 views2 pages

Tech Skills - Red Hat Enterprise Linux 7 - 3.0 Securing Services

Uploaded by

DDDD

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 2

Search inside document

Tech Skills - Red Hat Enterprise Linux 7 - 3.

0 Securing Services
Filename: techskills-linuxsecurity-3-2-chroot_jails
Title: Chroot Jails
Subtitle: Linux Security Techniques

3.2 Chroot jails

What is a Chroot jail?

Chroot
"Virtualizes" the filesystem hierarchy
Not actually virtual
Directory structure is hidden from the session
Only a single folder tree is visible, and it is displayed as root
Example: /var/jail would show as /
The filesystem jail is designed to be inescapable

What are some of the uses for this?

Application jails
A compromised application can be held to its own folders
User session jails
Users are unable to access resources outside of their jail
Honey pots
Jails can be created with extended logging to catch attackers

Can we place anything we want into a chroot jail?

Technically, you can chroot anything

Dependencies become a real challenge
Calls to system folders (/proc,/var, etc) would have to be jailed as well
Can be tricky to catch them all
Many key applications directly support chroot, making it much easier
SSH/SFTP
Apache
MySQL/MariaDB
Postfix

Can you show us an example of how we use chroot?

SSH/SFTP Example

1. Create a service account

useradd service1
passwd service1
2. Create jail directory
mkdir -p /jail/service1/home/service1
cd /jail/service1
mkdir dev etc lib64 bin
3. Set ownership and permissions
chown root:root /jail/service1
chmod 755 /jail/service1
4. Create logical devices
mknod -m 666 /jail/service1/dev/null c 1 3
mknod -m 666 /jail/service1/dev/tty c 5 0
mknod -m 666 /jail/service1/dev/zero c 1 5
mknod -m 666 /jail/service1/dev/random c 1 8
5. Create config files
echo export PATH=/bin >> /jail/service1/home/service1/.profile
6. Copy the application files into the jail
cp /bin/bash /jail/service1/bin/
cp /bin/ls /jail/service1/bin

How do we know what dependencies go along with the applications?

Determine bash dependancies and copy them into place
ldd /bin/bash
ldd /bin/ls
cp /usr/lib64/libtinfo.so.5 /jail/service1/lib64/
cp /usr/lib64/libdl.so.2 /jail/service1/lib64/
cp /usr/lib64/libc.so.6 /jail/service1/lib64
cp /usr/lib64/ld-linux-x86-64.so.2 /jail/service1/lib64/
cp /usr/lib64/libcap.so.2 /jail/service1/lib64/
cp /usr/lib64/libacl.so.1 /jail/service1/lib64/
cp /usr/lib64/libpcre.so.1 /jail/service1/lib64/
cp /usr/lib64/libattr.so.1 /jail/service1/lib64/
cp /usr/lib64/libpthread.so.0 /jail/service1/lib64/
cp /usr/lib64/libselinux.so.1 /jail/service1/lib64/

Now that we have built the jail, how do we use it?

1. Set sshd to use the chroot directory

vi /etc/ssh/sshd_config
Match User service1
ChrootDirectory /jail/service1
2. Restart sshd
systemctl restart sshd.service

Workouts 1
Document26 pages
Workouts 1
Hari Krishnan
No ratings yet
Operating System: Lab Session # 6 BS (CS) - 2020
Document8 pages
Operating System: Lab Session # 6 BS (CS) - 2020
taz araish
No ratings yet
Setup and Configuration For OpenSSH
Document13 pages
Setup and Configuration For OpenSSH
chithanhg0002097
No ratings yet
Securing Ubuntu
Document29 pages
Securing Ubuntu
sushike
No ratings yet
Scotiabank Technical Test Production Support Quiz
Document4 pages
Scotiabank Technical Test Production Support Quiz
Juan Juan
No ratings yet
MHQ 1
Document2 pages
MHQ 1
Abhijeet Kumar
No ratings yet
WRF Arw
Document8 pages
WRF Arw
keyur632
100% (1)
Answers To Even-Numbered Exercises: From Page 1077
Document7 pages
Answers To Even-Numbered Exercises: From Page 1077
Mark Holden
No ratings yet
Linux 4
Document20 pages
Linux 4
michal hana
No ratings yet
Laborator Linux
Document8 pages
Laborator Linux
Popa Alex
No ratings yet
Exploiting of Metasploit Machine Assessment Report: Assignment-3
Document29 pages
Exploiting of Metasploit Machine Assessment Report: Assignment-3
venkatesh reddy
No ratings yet
StackRox Whitepaper HardeningDocker
Document9 pages
StackRox Whitepaper HardeningDocker
dslkj
No ratings yet
Linux Privilege Escalation
Document20 pages
Linux Privilege Escalation
Juanca
No ratings yet
Image Detection With Lazarus: Maxbox Starter87 With Cai
Document22 pages
Image Detection With Lazarus: Maxbox Starter87 With Cai
Max Kleiner
100% (1)
Slitaz Scratchbook: Base System
Document11 pages
Slitaz Scratchbook: Base System
shinikay
No ratings yet
Objectifs 2. Environnement: Shared Ethernet Bridged Ethernet
Document8 pages
Objectifs 2. Environnement: Shared Ethernet Bridged Ethernet
maxdurieux88
No ratings yet
AIX Boot Process
Document99 pages
AIX Boot Process
Bharat Thapa
No ratings yet
Linuxengines Blogspot in
Document9 pages
Linuxengines Blogspot in
Shitesh Sachan
No ratings yet
Basic linux commands interview questions
Document24 pages
Basic linux commands interview questions
Raghavendra Kamurthi
No ratings yet
Linux Interview Questions & Answers
Document87 pages
Linux Interview Questions & Answers
Sri Shailam
No ratings yet
OpenBSD Proxy Server
Document25 pages
OpenBSD Proxy Server
jorg3fs
No ratings yet
Linux Privilege Escalation Using Capabilities: Table of Content
Document8 pages
Linux Privilege Escalation Using Capabilities: Table of Content
mr z3iya
No ratings yet
System Administration: Core Concepts: in This Chapter
Document14 pages
System Administration: Core Concepts: in This Chapter
Trancy
No ratings yet
Lab Manual
Document16 pages
Lab Manual
bvbkeshav
No ratings yet
Using Openbsd's Chrooted HTTPD
Document5 pages
Using Openbsd's Chrooted HTTPD
lukastoni
No ratings yet
Docker in action textbook notes - Chapter 1
Document5 pages
Docker in action textbook notes - Chapter 1
Ashwin Vinod
No ratings yet
Sun Grid Engine Tutorial
Document14 pages
Sun Grid Engine Tutorial
oligoelemento
No ratings yet
Chroot Users With OpenSSH - An Easier Way To Confine Users To Their Home Directories - Tech Republic
Document2 pages
Chroot Users With OpenSSH - An Easier Way To Confine Users To Their Home Directories - Tech Republic
petersoh
No ratings yet
Linux Filesystem Hierarchy: The Linux Documentation Project
Document29 pages
Linux Filesystem Hierarchy: The Linux Documentation Project
thewhiteeye
No ratings yet
C What Is The Booting Process of Linux Systen and Explain It, Is The First Process Comes Under
Document18 pages
C What Is The Booting Process of Linux Systen and Explain It, Is The First Process Comes Under
shekhar
No ratings yet
Abusing SUID Binaries
Document25 pages
Abusing SUID Binaries
rayd.testing
No ratings yet
Section 10 Understanding Common Endpoint Attacks Lab
Document25 pages
Section 10 Understanding Common Endpoint Attacks Lab
rita
No ratings yet
This Linux Certification Training: The Command Used: PR - l60 Draft
Document6 pages
This Linux Certification Training: The Command Used: PR - l60 Draft
Sopan sonar
No ratings yet
Linux Interview Questions
Document52 pages
Linux Interview Questions
vinnuthegreat
100% (1)
XigmaNAS - Guide to setting up and using jails
Document13 pages
XigmaNAS - Guide to setting up and using jails
andyvtran
No ratings yet
Linux Filesystem Hierarchy: The Linux Documentation Project
Document29 pages
Linux Filesystem Hierarchy: The Linux Documentation Project
karant1
No ratings yet
Procfs in Linux (Virtual File System) EmbeTronicX 2
Document1 page
Procfs in Linux (Virtual File System) EmbeTronicX 2
thh
No ratings yet
Linux Encrypted Filesystem With Dm-Crypt: Búsqueda
Document5 pages
Linux Encrypted Filesystem With Dm-Crypt: Búsqueda
alexangox
No ratings yet
Red Team and Pentration Testing
Document56 pages
Red Team and Pentration Testing
Abdelilah Aquerouach
No ratings yet
Openstack Ha Guide Trunk
Document24 pages
Openstack Ha Guide Trunk
luchoalco
No ratings yet
Linux Intro For Starters
Document27 pages
Linux Intro For Starters
Hussnain Toufiq
No ratings yet
Linux Raj
Document172 pages
Linux Raj
Sahil Suri
100% (1)
A Deep Dive Into Linux Namespaces - Chord Simple
Document5 pages
A Deep Dive Into Linux Namespaces - Chord Simple
Phoenix Liebe Jeff
No ratings yet
Linux
Document36 pages
Linux
arun0076@gmail.com
No ratings yet
267 Hacking Linux Powered Devices
Document30 pages
267 Hacking Linux Powered Devices
Tanush Kamble
No ratings yet
Linux TEB Reviewer
Document3 pages
Linux TEB Reviewer
Abegail Joyce Tomaneng
No ratings yet
Configure DNS Server with chroot Jail
Document4 pages
Configure DNS Server with chroot Jail
Navin Kumar
No ratings yet
Linux Baseline Document Santosh
Document27 pages
Linux Baseline Document Santosh
utpalbasak
No ratings yet
Freebsd Tutorial: Index
Document9 pages
Freebsd Tutorial: Index
Rodrigo Soares
No ratings yet
Basic Linux Privilege Escalation
Document4 pages
Basic Linux Privilege Escalation
etodemerzel
No ratings yet
Netfilter and System Security Services
Document22 pages
Netfilter and System Security Services
Carlos Alberto Mendes Betinho
No ratings yet
3.2.2.4 Lab - Navigating The Linux Filesystem and Permission Settings
Document9 pages
3.2.2.4 Lab - Navigating The Linux Filesystem and Permission Settings
c583706
No ratings yet
Introduction To Linux Forensics
Document22 pages
Introduction To Linux Forensics
Felix Scribd
No ratings yet
README
Document427 pages
README
Tran Sistor
No ratings yet
Arjit
Document8 pages
Arjit
bhima5455
No ratings yet
Lecture 2: Unix Structure: Asoc. Prof. Guntis Barzdins Asist. Girts Folkmanis
Document19 pages
Lecture 2: Unix Structure: Asoc. Prof. Guntis Barzdins Asist. Girts Folkmanis
rosshush
No ratings yet
Operating System Basics Explained
Document39 pages
Operating System Basics Explained
anoopts123
No ratings yet
20bis016 Harshaadhithya K
Document27 pages
20bis016 Harshaadhithya K
Shanthini
No ratings yet
Control resource usage with cgroups and namespaces
Document15 pages
Control resource usage with cgroups and namespaces
Trevor Chandler
No ratings yet
Linux Services Deployment
From Everand
Linux Services Deployment
Fabian Mestre
No ratings yet
Lab2 4
Document1 page
Lab2 4
DDDD
No ratings yet
Export Zone=Europe West4 b
Document1 page
Export Zone=Europe West4 b
DDDD
No ratings yet
AWS CCP
Document19 pages
AWS CCP
DDDD
No ratings yet
New Word English
Document1 page
New Word English
DDDD
No ratings yet
Lab 222
Document1 page
Lab 222
DDDD
No ratings yet
Lab2 5
Document1 page
Lab2 5
DDDD
No ratings yet
Lab7 3
Document1 page
Lab7 3
DDDD
No ratings yet
Lab2 1
Document1 page
Lab2 1
DDDD
No ratings yet
gcloud compute instances create $IN
Document2 pages
gcloud compute instances create $IN
DDDD
No ratings yet
Lab2 2
Document1 page
Lab2 2
DDDD
No ratings yet
Lab7 4
Document1 page
Lab7 4
DDDD
No ratings yet
Lab2 3
Document1 page
Lab2 3
DDDD
No ratings yet
Lab1 5
Document1 page
Lab1 5
DDDD
No ratings yet
Lab7 5
Document1 page
Lab7 5
DDDD
No ratings yet
Lab7 1
Document1 page
Lab7 1
DDDD
No ratings yet
Lab1 1
Document1 page
Lab1 1
DDDD
No ratings yet
Mod2 1
Document1 page
Mod2 1
DDDD
No ratings yet
Lab7 2
Document1 page
Lab7 2
DDDD
No ratings yet
Lab1 3
Document1 page
Lab1 3
DDDD
No ratings yet
Lab1 4
Document1 page
Lab1 4
DDDD
No ratings yet
Lab1 2
Document1 page
Lab1 2
DDDD
No ratings yet
Mod3 1
Document1 page
Mod3 1
DDDD
No ratings yet
Mod2 5
Document1 page
Mod2 5
DDDD
No ratings yet
Mod2 3
Document1 page
Mod2 3
DDDD
No ratings yet
Mod3 2
Document1 page
Mod3 2
DDDD
No ratings yet
Mod2 2
Document1 page
Mod2 2
DDDD
No ratings yet
Mod2 4
Document1 page
Mod2 4
DDDD
No ratings yet
Mod3 3
Document1 page
Mod3 3
DDDD
No ratings yet
Mod3 5
Document1 page
Mod3 5
DDDD
No ratings yet
Mod3 4
Document1 page
Mod3 4
DDDD
No ratings yet
CN Lab 3
Document17 pages
CN Lab 3
Muhammad Ali Usman
No ratings yet
Syllabus PTSV3 PDF
Document19 pages
Syllabus PTSV3 PDF
Zakaria Khayioui
No ratings yet
Manual Huawei UMG8900
Document11 pages
Manual Huawei UMG8900
Ricardi Martinelli Martins
No ratings yet
CMRIT Wireless Cellular and LTE 4G Course
Document4 pages
CMRIT Wireless Cellular and LTE 4G Course
Sanjana Akkole
No ratings yet
Coolmay TK Series HMI User Manual
Document2 pages
Coolmay TK Series HMI User Manual
splinter inc
No ratings yet
New Perspectives Microsoft Office 365 and Access 2016 Introductory 1st Edition Shellman Test Bank Download
Document12 pages
New Perspectives Microsoft Office 365 and Access 2016 Introductory 1st Edition Shellman Test Bank Download
Amanda Douglas
100% (27)
FW-7582 User Manual-2 PDF
Document42 pages
FW-7582 User Manual-2 PDF
kumar.arasu8717
No ratings yet
Crash 2021 12 21 21-47-40
Document37 pages
Crash 2021 12 21 21-47-40
Gabriel Borda
No ratings yet
Modulo WIFI TML1505C
Document25 pages
Modulo WIFI TML1505C
Iván Meza Bastidas
0% (1)
Divisibility Rules: Divisible (Whole Numbers Only) - Able To Be Divided Without Remainder
Document1 page
Divisibility Rules: Divisible (Whole Numbers Only) - Able To Be Divided Without Remainder
Octagon EduCentre
No ratings yet
Difference between Structured and Object-Oriented Programming
Document11 pages
Difference between Structured and Object-Oriented Programming
Milracles
No ratings yet
The Preservation, Emulation, Migration, and Virtualization of Live Electronics For Performing Arts - An Overview of Musical and Technical Issues
Document16 pages
The Preservation, Emulation, Migration, and Virtualization of Live Electronics For Performing Arts - An Overview of Musical and Technical Issues
Gerardo Meza Gómez
No ratings yet
Series 3 Electrical Minicargador CASE
Document15 pages
Series 3 Electrical Minicargador CASE
Mauricio Duran
No ratings yet
Maintenance Manual mb491 PDF
Document298 pages
Maintenance Manual mb491 PDF
Sidnei Oliveira
No ratings yet
How To Overclock A Cpu
Document3 pages
How To Overclock A Cpu
Aman Chhabra
No ratings yet
1 Assignment-8
Document2 pages
1 Assignment-8
araceli
No ratings yet
BitTorrent in Ns-2 - My Site
Document2 pages
BitTorrent in Ns-2 - My Site
Vijay Sharma
No ratings yet
Python Programming Principles and Problem Solving
Document3 pages
Python Programming Principles and Problem Solving
Divine Manalo
No ratings yet
Pricelist Challenger
Document4 pages
Pricelist Challenger
Michaelben Michaelben
50% (4)
Papercraft Viking
Document57 pages
Papercraft Viking
Attila Érchegyi
No ratings yet
Exam SC 200 Microsoft Security Operations Analyst
Document9 pages
Exam SC 200 Microsoft Security Operations Analyst
walter
No ratings yet
Project Managemet System
Document44 pages
Project Managemet System
abrar
No ratings yet
CSS 214 Os-5 2021
Document32 pages
CSS 214 Os-5 2021
fayyadmuhammad45
No ratings yet
How To Repair Laptop Batteries - Electronics Repair and Technology News
Document1 page
How To Repair Laptop Batteries - Electronics Repair and Technology News
ekkexxe
100% (1)
LB STYLE GUIDE ESMX Mexican Spanish
Document32 pages
LB STYLE GUIDE ESMX Mexican Spanish
Carla Peria
No ratings yet
DSP Report Lab3 Official
Document11 pages
DSP Report Lab3 Official
bao.pham27sayze
No ratings yet
Crescent DAO Protocol Smart Contract Audit Report
Document84 pages
Crescent DAO Protocol Smart Contract Audit Report
sum bunny
No ratings yet
Intergrating The 3G - Good For Referance - 090938
Document36 pages
Intergrating The 3G - Good For Referance - 090938
Emmanuel Adu-Kissiedu
No ratings yet
Payroll Management Project Proposal
Document3 pages
Payroll Management Project Proposal
Umair Yasin
100% (4)
Task A: Digital Reflection
Document4 pages
Task A: Digital Reflection
hairy basketballs
No ratings yet