First: directory structure
You have to build your own custom jailed filesystem. Mine was on /var/cage:
./ .script.rc bin config lib64 spool ./bin: .lsd bash cat init.rc ls sqlite3 echo ./config: current ./lib64: ld-linux-x86-64.so.2 libc.so.6 libpthread.so.0 libselinux.so.1 libacl.so.1 libdl.so.2 libreadline.so.5 libsqlite3.so.0 libattr.so.1 libncurses.so.5 librt.so.1 ./spool: commands
Second. Creating a custom console.
This script will force that instead of creating a custom shell, the user will be jailed after login:
cp /usr/bin/chroot /usr/bin/rooted chmod u+s /usr/bin/rooted
User is created on /home/jailed:
.profile must conatain the following line:
exec /usr/bin/rooted /var/cage /bin/init.rc
Adendum. /bin/init.rc
/bin/bash --init-file /.script.rc
No hay comentarios:
Publicar un comentario