Monday, July 4, 2011

Creating a jail for users

First: directory structure

You have to build your own custom jailed filesystem. Mine was on /var/cage:
./
.script.rc  bin  config  lib64  spool

./bin:
.lsd  bash  cat  init.rc  ls  sqlite3 echo 

./config:
current

./lib64:
ld-linux-x86-64.so.2  libc.so.6        libpthread.so.0   libselinux.so.1
libacl.so.1           libdl.so.2       libreadline.so.5  libsqlite3.so.0
libattr.so.1          libncurses.so.5  librt.so.1

./spool:
commands

Second. Creating a custom console.

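Instead of giving the user a custom login shell, a setuid copy of chroot jails the user right after login (note that the setuid bit lets every local user who can execute /usr/bin/rooted call chroot as root, not only the jailed account):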

cp /usr/bin/chroot /usr/bin/rooted
chmod u+s /usr/bin/rooted

The user is created on /home/jailed.
Its .profile must contain the following line:
exec /usr/bin/rooted /var/cage /bin/init.rc


Addendum. /bin/init.rc

/bin/bash --init-file /.script.rc
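
A check for the directory structure above, added here as an example and not part of the original post: it reports shared libraries that the executables in the jail's bin need but that are absent from the jail. The function names are made up for this example; it assumes ldd exists on the host and that a library may sit either at its host path inside the jail or flat in lib64, as in the listing.

```bash
#!/usr/bin/env bash
# Added example: find libraries missing from a chroot jail such as /var/cage.

# Read `ldd` output on stdin and print the absolute library paths.
# Handles "name => /path (addr)" and "/path (addr)" (the dynamic loader);
# skips entries without a file on disk (linux-vdso, "not found").
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    '
}

# Read library paths on stdin and print those that exist neither at the
# same path under jail $1 nor by file name in $1/lib64 (flat layout).
missing_in_jail() {
    local jail="$1" lib
    while IFS= read -r lib; do
        [ -e "$jail$lib" ] || [ -e "$jail/lib64/${lib##*/}" ] ||
            printf '%s\n' "$lib"
    done
}

# Check every executable in $1/bin (dotfiles such as .lsd are not matched
# by the glob). Scripts like init.rc yield no ldd paths and pass.
# Returns 1 if any library is missing.
audit_jail() {
    local jail="$1" bin out status=0
    for bin in "$jail"/bin/*; do
        [ -f "$bin" ] && [ -x "$bin" ] || continue
        out=$(ldd "$bin" 2>/dev/null | ldd_paths | missing_in_jail "$jail")
        if [ -n "$out" ]; then
            printf '%s is missing:\n%s\n' "$bin" "$out"
            status=1
        fi
    done
    return "$status"
}

# Usage (run on the host, not inside the jail):
#   audit_jail /var/cage
```

Run it after adding a binary to bin or after a system update that replaces libraries on the host.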
