Chrooted SSH on CentOS 5.1
Reference: http://www.howtoforge.com/chroot_ssh_sftp_fedora7
Installation of dependencies.
# yum -y install rpm-build openssl-devel glibc-devel krb5-devel pam-devel gcc
Download OpenSSH with the chroot patch.
# wget http://chrootssh.sourceforge.net/download/openssh-4.5p1-chroot.tar.bz2
Decompress the bz2 file, which leaves us with a tar archive.
# bunzip2 openssh-4.5p1-chroot.tar.bz2
Unpack the archive.
# tar -xvf openssh-4.5p1-chroot.tar
Copy the openssh.spec file to /usr/src/redhat/SPECS/
# cp openssh-4.5p1-chroot/contrib/redhat/openssh.spec /usr/src/redhat/SPECS/
Rename the unpacked folder.
# mv openssh-4.5p1-chroot openssh-4.5p1
Compress the folder.
# tar czvf openssh-4.5p1.tar.gz openssh-4.5p1
Move the archive to /usr/src/redhat/SOURCES/ and delete the leftover files.
# mv openssh-4.5p1.tar.gz /usr/src/redhat/SOURCES/
# rm -rf openssh-4.5p1
Edit the spec file
# vim /usr/src/redhat/SPECS/openssh.spec
and add or modify the following lines.
%define no_x11_askpass 1
%define no_gnome_askpass 1
%configure \
    --without-zlib-version-check \
    --sysconfdir=%{_sysconfdir}/ssh \
Build the package.
# rpmbuild -bb /usr/src/redhat/SPECS/openssh.spec
This generates three *.rpm packages, including the server and the client, in /usr/src/redhat/RPMS/i386/
# cd /usr/src/redhat/RPMS/i386/
Install the packages.
# rpm -Uvh openssh-4.5p1-1.i386.rpm openssh-server-4.5p1-1.i386.rpm openssh-clients-4.5p1-1.i386.rpm
Edit the yum configuration to exclude the openssh packages from updates, so that yum does not replace the chroot-patched build.
# vi /etc/yum.conf
#############################
exclude=openssh*
#############################
Remove the packages that are no longer needed.
# rpm -e rpm-build openssl-devel glibc-devel krb5-devel pam-devel gcc
Now we define the directory that will hold our chrooted users; the location is up to you. In my case I will create it under /home.
# mkdir /home/chroot
Create the other folders. The paths from here on are relative, so run the commands from inside /home/chroot.
# mkdir -p bin lib usr/bin dev etc home
# mknod dev/null c 1 3
# mknod dev/zero c 1 5
# chmod 666 dev/null dev/zero
The following script copies what our chroot needs. Create a file named chroot_jail in /usr/bin and paste in the contents.
##########################
#!/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# programs to make available inside the jail
APPS="/bin/sh /bin/bash /bin/cp /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /bin/rmdir /usr/bin/id /usr/bin/ssh /bin/ping /usr/bin/dircolors /bin/vi /usr/bin/sftp /usr/libexec/openssh/sftp-server"
for prog in $APPS; do
    # recreate the program's directory under the current directory and copy it
    mkdir -p ./`dirname $prog` > /dev/null 2>&1
    cp $prog ./$prog
    # obtain a list of related libraries
    ldd $prog > /dev/null
    if [ "$?" = 0 ] ; then
        # the third column of ldd output is the resolved library path
        LIBS=`ldd $prog | awk '{ print $3 }'`
        for l in $LIBS; do
            mkdir -p ./`dirname $l` > /dev/null 2>&1
            cp $l ./$l > /dev/null 2>&1
        done
    fi
done
##########################
# vi /usr/bin/chroot_jail
Paste in the content and make the script executable.
# chmod +x /usr/bin/chroot_jail
Then run it by typing
# chroot_jail
Finish by copying the remaining files needed for our chroot.
# cp /lib/ld-2.5.so lib/
# cd lib
# ln -s ld-2.5.so ld-linux.so.2
# cd ..
# cp /lib/libnss_compat.so.2 lib/
# cp /lib/libnss_files.so.2 lib/
# cp /lib/libcap.so.1 lib/
# cp /lib/libnss_dns.so.2 lib/
# cp -R /etc/pam.d/ etc/
# cp -R /lib/security/ lib/
# cp -R /etc/security/ etc/
# cp /etc/login.defs /etc/hosts /etc/resolv.conf etc/
We are almost done. Now we create the passwd and group files of our chroot.
# echo '#!/bin/bash' > usr/bin/groups
# echo "id -Gn" >> usr/bin/groups
# touch etc/passwd
# grep /etc/passwd -e "^root" > etc/passwd
# grep /etc/group -e "^root" -e "^users" > etc/group
Now create the user, assigning it the directory we created.
# useradd -s /bin/bash -m -d /home/chroot/./home/testuser -c "testuser" -g users testuser
Set a password for it.
# passwd testuser
And that's it; now we can test.
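Before handing out logins it is worth checking the jail for anything a jailed user could abuse. The following is an added example, not part of the original post: the function name audit_jail, the default allowed-account list and the decision to skip home/ are assumptions made for this illustration.

```shell
# audit_jail JAIL [ALLOWED_USERS]
# Prints one finding per line and returns 1 if anything was found.
# Example call for the jail built above: audit_jail /home/chroot "root"
audit_jail() {
    jail=$1
    allowed=${2:-root}   # assumption: accounts expected in JAIL/etc/passwd
    findings=$(
        # 1. Group- or world-writable paths outside home/ would let a jailed
        #    user replace binaries, libraries or config. Character devices
        #    (dev/null and dev/zero are 666 by design) and symlinks are skipped.
        find "$jail" -path "$jail/home" -prune -o \
            ! -type c ! -type l \( -perm -0020 -o -perm -0002 \) -print |
            sed 's/^/WRITABLE /'
        # 2. setuid/setgid files inside the jail deserve a manual review.
        find "$jail" -type f \( -perm -4000 -o -perm -2000 \) -print |
            sed 's/^/SETID /'
        # 3. The jail's passwd should list only the accounts we expect.
        if [ -f "$jail/etc/passwd" ]; then
            cut -d: -f1 "$jail/etc/passwd" | while read -r user; do
                case " $allowed " in
                    *" $user "*) ;;
                    *) echo "ACCOUNT $user" ;;
                esac
            done
        else
            echo "MISSING $jail/etc/passwd"
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```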