peterh - Linux - Blog

scponly

Thursday, June 21, 2007, 11:56 - Network, Security
Posted by Administrator

apt-get install scponly

gunzip /usr/share/doc/scponly/setup_chroot/setup_chroot.sh.gz
chmod 755 /usr/share/doc/scponly/setup_chroot/setup_chroot.sh
cd /usr/share/doc/scponly/setup_chroot/
./setup_chroot.sh /home/USERNAME USERNAME RELATIVE_WRITEABLE_DIR

cp /dev/null /home/USERNAME/dev

maybe cp /etc/groups /home/USERNAME/etc

HINT: login via ssh is not possible BUT PORTFORWARDING

[ view entry ] ( 696 views ) | print article

ssh - chroot

Thursday, June 21, 2007, 10:36 - Network, Security
Posted by Administrator

chroot a user logging in via ssh

apt-get install libpam-chroot

less /usr/share/doc/libpam-chroot/examples/README.example

/usr/share/doc/libpam-chroot/examples/setup-chrootdir-shell.sh

/etc/security/chroot.conf:

+USERNAME   /var/chroot/sshd/home/USERNAME

/etc/pam.d/login:

+session    required   pam_chroot.so

To copy all linked libs (but not libs loaded at runtime) of a programm to our chroot

ldd /usr/bin/pprogram | awk '{if ($3 ~ /^[^ (]/) print $3}' | \
cpio -pdvuL $CHROOTDIR

[ view entry ] ( 549 views ) | print article

<<First <Back | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 |