[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Chrooted services



* Volker Kuhlmann; <hidden@xxxxxxxxxxxxxxx> on 12 Dec, 2003 wrote:
here are the apps I am planning to run
apache with mod-php mod_perl and mod_ssl
squirrelmail
wu-imap
snmpd
squid

sshd would be cool too...

OK I'll add it to my wish list along with cups. Now here is the approach
I am planning to take

1) Create /etc/sysconfig/chroot.d  directory and store configuration
files for services to be chrooted. The configuration file should include
files directories needed for the service

2) Create chroot-maker file which will basically read the
/etc/sysconfig/chroot.d/FILENAME and create the chrooted environment

3)Modify the /etc/init.d/SERVICE file to include the chroot setup so I do not have to worry about if I need to prepare the chroot
environment or not

4) I need to modify the /etc/sysconfig/syslog so the /chroot/DIR/dev/log
will be available but is there a way that the init script checks the
existence of chroot/DIR/dev/log and if not adds it on the fly
Before I make a head start dive into deep water anything I am missing
here ?

I think this is better then the unsubscribe thread :-)

--

Togan Muftuoglu
Unofficial SuSE FAQ Maintainer		Please reply to the list;
http://susefaq.sf.net			Please don't CC me.



--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here