Background: chroot (change root) changes a process's root directory. Take the apache service as an example: it is installed directly under the system root, so when you look at its process with ps the path shown is resolved starting from the system's "/". To build a chroot environment of this kind you need the tool jail.tar.gz. jail (prison) means just that: if you want a service to be safer, you throw it into a prison to run; if an attacker breaks in, they can only act inside the prison and cannot break out of it to control anything else. The walkthrough below is rather long, so follow the steps carefully!
1 Install jail and build the jail environment
[root@rrd ~]# useradd -g users -d /var/chroot/ -s /usr/bin/jail prisoner
[root@rrd ~]# tail /etc/passwd
prisoner:x:501:100::/var/chroot/:/usr/bin/jail
[root@rrd ~]# wget http://www.jmcresearch.com/static/dwn/projects/jail/jail.tar.gz
[root@rrd ~]# tar zxf jail.tar.gz
[root@rrd ~]# cd jail/bin
[root@rrd bin]# ll
total 20
-rwxr-xr-x 1 1002 1002 4726 Apr 2 2004 addjailsw
-rwxr-xr-x 1 1002 1002 2578 Apr 2 2004 addjailuser
drwxr-xr-x 2 1002 1002 4096 Apr 2 2004 CVS
-rwxr-xr-x 1 1002 1002 2750 Apr 2 2004 mkjailenv
[root@rrd bin]# cd ..
[root@rrd jail]# cd src/
[root@rrd src]# ll
total 68
drwxr-xr-x 2 1002 1002 4096 Apr 2 2004 CVS
-rw-r--r-- 1 1002 1002 5893 Apr 2 2004 generic_helpers.c
-rw-r--r-- 1 1002 1002 1478 Apr 2 2004 generic_helpers.h
-rw-r--r-- 1 1002 1002 2111 Apr 2 2004 globals.h
-rw-r--r-- 1 1002 1002 1260 Apr 2 2004 helpers.h
-rw-r--r-- 1 1002 1002 13379 Apr 2 2004 jail.c
-rw-r--r-- 1 1002 1002 1913 Apr 2 2004 Makefile
-rw-r--r-- 1 1002 1002 3790 Apr 2 2004 passwd_helpers.c
-rw-r--r-- 1 1002 1002 1396 Apr 2 2004 passwd_helpers.h
-rwxr-xr-x 1 1002 1002 1669 Apr 2 2004 preinstall.sh
-rw-r--r-- 1 1002 1002 3386 Apr 2 2004 terminal_helpers.c
-rw-r--r-- 1 1002 1002 1304 Apr 2 2004 terminal_helpers.h
-rw-r--r-- 1 1002 1002 1770 Apr 2 2004 types.h
[root@rrd src]# vim Makefile
INSTALL_DIR = /tmp/jail ## find this line and change the path to /usr/local/jail, then save and exit (a matter of preference)
[root@rrd src]# mkdir /usr/local/jail
[root@rrd src]# make
[root@rrd src]# make install
[root@rrd src]# /usr/local/jail/bin/mkjailenv /var/chroot
mkjailenv
A component of Jail (version 1.9 for linux)
http://www.jmcresearch.com/projects/jail/
Juan M. Casillas <juanm.casillas@jmcresearch.com>
Making chrooted environment into /var/chroot
Doing preinstall()
Doing special_devices()
Doing gen_template_password()
Doing postinstall()
Done.
[root@rrd src]# ll /var/chroot/ ## the directory now has contents
total 8
drwxr-xr-x 2 root root 4096 Aug 31 19:49 dev
drwxr-xr-x 2 root root 4096 Aug 31 19:49 etc
[root@rrd src]# /usr/local/jail/bin/addjailuser /var/chroot /home/prisoner /bin/bash prisoner
addjailuser
A component of Jail (version 1.9 for linux)
http://www.jmcresearch.com/projects/jail/
Juan M. Casillas <juanm.casillas@jmcresearch.com>
Adding user prisoner in chrooted environment /var/chroot
Done.
[root@rrd src]# ll /var/chroot/
total 12
drwxr-xr-x 2 root root 4096 Aug 31 19:49 dev
drwxr-xr-x 2 root root 4096 Aug 31 19:49 etc
drwxr-xr-x 3 root root 4096 Aug 31 19:51 home
[root@rrd src]# /usr/local/jail/bin/addjailsw /var/chroot/
or
[root@rrd src]# /usr/local/jail/bin/addjailsw /var/chroot/ -D
or
[root@rrd src]# /usr/local/jail/bin/addjailsw /var/chroot/ -P bash "--version"
addjailsw
A component of Jail (version 1.9 for linux)
http://www.jmcresearch.com/projects/jail/
Juan M. Casillas <juanm.casillas@jmcresearch.com>
Guessing mv args()
Guessing ls args()
Guessing ln args()
Guessing grep args()
Guessing cat args()
Guessing rmdir args()
Guessing vi args(-c q)
Guessing tail args()
Guessing sh args()
Guessing id args()
Guessing rm args()
Guessing head args()
Guessing cp args()
Guessing pwd args()
Guessing mkdir args()
Guessing touch args()
Guessing more args()
Warning: can't create /proc/mounts from the /proc filesystem
Warning: can't create /proc/filesystems from the /proc filesystem
Warning: not allowed to overwrite /var/chroot//etc/passwd
Warning: not allowed to overwrite /var/chroot//etc/group
Warning: can’t create /proc/meminfo from the /proc filesystem
Done.
[root@rrd chroot]# ll
total 32
drwxr-xr-x 2 root root 4096 Aug 31 19:57 bin
drwxr-xr-x 2 root root 4096 Aug 31 19:56 dev
drwxr-xr-x 3 root root 4096 Aug 31 19:56 etc
drwxr-xr-x 3 root root 4096 Aug 31 19:51 home
drwxr-xr-x 2 root root 4096 Aug 31 19:56 lib64
drwsrwxrwx 2 root root 4096 Aug 31 19:57 tmp
drwxr-xr-x 6 root root 4096 Aug 31 19:56 usr
drwxr-xr-x 3 root root 4096 Aug 31 19:57 var
[root@rrd chroot]# mkdir /var/chroot/lib
[root@rrd chroot]# cp /lib/ld-linux.so.2 /var/chroot/lib/
[root@rrd chroot]# ll lib64/
total 2508
-rwxr-xr-x 1 root root 27920 Aug 31 19:56 libacl.so.1
-rwxr-xr-x 1 root root 17888 Aug 31 19:56 libattr.so.1
-rwxr-xr-x 1 root root 1717800 Aug 31 19:57 libc.so.6
-rwxr-xr-x 1 root root 23360 Aug 31 19:57 libdl.so.2
-rwxr-xr-x 1 root root 53880 Aug 31 19:56 libnss_files.so.2
-rwxr-xr-x 1 root root 117680 Aug 31 19:56 libpcre.so.0
-rwxr-xr-x 1 root root 145824 Aug 31 19:56 libpthread.so.0
-rwxr-xr-x 1 root root 53448 Aug 31 19:56 librt.so.1
-rwxr-xr-x 1 root root 95464 Aug 31 19:56 libselinux.so.1
-rwxr-xr-x 1 root root 247496 Aug 31 19:56 libsepol.so.1
-rwxr-xr-x 1 root root 15584 Aug 31 19:57 libtermcap.so.2
[root@rrd chroot]# cp /lib64/ld-linux-x86-64.so.2 /var/chroot/lib64/
[root@rrd chroot]# mkdir /var/chroot/etc/bash
[root@rrd chroot]# cp /etc/bashrc /var/chroot/etc/bash/
[root@rrd chroot]# cp /etc/profile /var/chroot/etc/
[root@rrd chroot]# cp /etc/DIR_COLORS /var/chroot/etc/
[root@rrd chroot]# /usr/local/jail/bin/addjailsw /var/chroot/ -P whoami
addjailsw
A component of Jail (version 1.9 for linux)
http://www.jmcresearch.com/projects/jail/
Juan M. Casillas <juanm.casillas@jmcresearch.com>
Guessing whoami args(0)
Warning: file /var/chroot//lib64/libc.so.6 exists. Overwritting it
Warning: file /var/chroot//etc/ld.so.cache exists. Overwritting it
Warning: file /var/chroot//usr/lib/locale/locale-archive exists. Overwritting it
Warning: file /var/chroot//usr/share/locale/locale.alias exists. Overwritting it
Done.
If IP addresses can be reached from inside the chroot environment but hostnames cannot be resolved ("Name or service not known"):
[root@rrd chroot]# cp -a /lib/libnss_dns* /lib/libresolv* /var/chroot/lib/
For the 64-bit architecture:
[root@rrd chroot]# cp -a /lib64/libnss_dns* /lib64/libresolv* /var/chroot/lib64/
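The manual cp steps above (ld-linux, libnss_dns, libresolv) are what addjailsw automates: find every shared library a binary needs and copy it to the same path under the jail. As an added example that is not part of the original post or of the jail package, this POSIX shell script does the same job with ldd; the function names are this example's own.

```shell
#!/bin/sh
# Copy a binary and every shared library ldd reports for it into a jail
# directory, preserving paths (so /lib64/libc.so.6 -> $JAIL/lib64/libc.so.6).
# Example code, not the jail package's own tooling.

jail_copy_file() {
    src=$1; jail=$2
    mkdir -p "$jail$(dirname "$src")"
    # cp dereferences symlinks, so the jail gets the real file contents.
    cp "$src" "$jail$src"
}

# Absolute library paths ldd prints for a binary (empty for a static one).
# Matches "libc.so.6 => /lib64/libc.so.6 (0x...)" and "/lib64/ld-linux-x86-64.so.2 (0x...)".
jail_lib_deps() {
    ldd "$1" 2>/dev/null | awk '$2 == "=>" && $3 ~ /^\// {print $3} $1 ~ /^\// {print $1}'
}

# Install $1 (absolute path of a binary) plus its dependencies under jail root $2.
install_into_jail() {
    bin=$1; jail=$2
    [ -x "$bin" ] || { echo "not executable: $bin" >&2; return 1; }
    jail_copy_file "$bin" "$jail"
    for lib in $(jail_lib_deps "$bin"); do
        [ -e "$jail$lib" ] || jail_copy_file "$lib" "$jail"
    done
    # Name resolution loads these at run time without linking against them,
    # which is why the post copies libnss_dns* and libresolv* by hand.
    for extra in /lib64/libnss_dns.so.2 /lib64/libresolv.so.2 \
                 /lib/libnss_dns.so.2 /lib/libresolv.so.2; do
        [ -e "$extra" ] && [ ! -e "$jail$extra" ] && jail_copy_file "$extra" "$jail"
    done
    return 0
}

# Usage on the post's layout: install_into_jail /application/apache2.2.21/bin/httpd /var/chroot
```

ldd output is trusted here only because the binary comes from the host's own install; do not run it against files of unknown origin.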
[root@rrd chroot]# ll
total 36
drwxr-xr-x 2 root root 4096 Aug 31 19:57 bin
drwxr-xr-x 2 root root 4096 Aug 31 19:56 dev
drwxr-xr-x 4 root root 4096 Aug 31 20:06 etc
drwxr-xr-x 3 root root 4096 Aug 31 19:51 home
drwxr-xr-x 2 root root 4096 Aug 31 20:26 lib
drwxr-xr-x 2 root root 4096 Aug 31 20:27 lib64
drwsrwxrwx 2 root root 4096 Aug 31 20:07 tmp
drwxr-xr-x 6 root root 4096 Aug 31 19:56 usr
drwxr-xr-x 3 root root 4096 Aug 31 20:07 var
[root@rrd chroot]# ll dev/
total 0
crw-rw-rw- 1 root root 1, 3 Aug 31 19:49 null
crw-rw-rw- 1 root tty 5, 0 Aug 31 19:56 tty
cr--r--r-- 1 root root 1, 9 Aug 31 19:49 urandom
crw-rw-rw- 1 root root 1, 5 Aug 31 19:49 zero
[root@rrd chroot]# mount -o bind /dev/ /var/chroot/dev/
[root@rrd chroot]# ll dev/ ## lists many files, omitted here
[root@rrd chroot]# mount -t devpts none /var/chroot/dev/pts
[root@rrd chroot]# mkdir /var/chroot/proc
2 Running the apache service in the jail
Note the following:
[root@rrd chroot]# netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:686 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 :::80 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
[root@rrd chroot]# ps -ef|grep httpd
root 11412 1 0 19:03 ? 00:00:00 /application/apache2.2.21/bin/httpd -k graceful
daemon 11413 11412 0 19:03 ? 00:00:00 /application/apache2.2.21/bin/httpd -k graceful
daemon 11415 11412 0 19:03 ? 00:00:00 /application/apache2.2.21/bin/httpd -k graceful
daemon 11417 11412 0 19:03 ? 00:00:00 /application/apache2.2.21/bin/httpd -k graceful
daemon 11419 11412 0 19:03 ? 00:00:00 /application/apache2.2.21/bin/httpd -k graceful
daemon 11500 11412 0 19:03 ? 00:00:00 /application/apache2.2.21/bin/httpd -k graceful
root 12354 3265 0 20:33 pts/0 00:00:00 grep httpd
[root@rrd chroot]# killall httpd
[root@rrd chroot]# killall httpd
[root@rrd chroot]# killall httpd
[root@rrd chroot]# cp -a /application/apache2.2.21/ .
[root@rrd chroot]# ll
total 40
drwxr-xr-x 15 root root 4096 Aug 31 18:36 apache2.2.21
[root@rrd chroot]# vim /etc/passwd
daemon:x:2:2:daemon:/sbin:/bin/bash
[root@rrd chroot]# vim etc/passwd
daemon:x:2:2:daemon:/sbin:/bin/bash
[root@rrd chroot]# su - daemon &
[1] 12488
[root@rrd chroot]# who am i
root pts/0 2012-08-31 18:32 (172.16.0.132)
[1]+ Stopped su - daemon
[root@rrd chroot]# whoami
root
[root@rrd chroot]# find / -name httpd ## see where the httpd files are
/etc/httpd
/application/apache2.2.21/bin/httpd
/usr/lib64/httpd
/home/lincong/tools/httpd-2.2.21/.libs/httpd
/home/lincong/tools/httpd-2.2.21/httpd
/var/log/httpd
/var/chroot/apache2.2.21/bin/httpd ## there is one under the jail
[root@rrd chroot]# netstat -lnt ## check the ports: 80 is gone, so httpd was killed
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:686 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 :::22
[root@rrd chroot]# /var/chroot/apache2.2.21/bin/httpd ## start apache in the jail environment
[root@rrd chroot]# netstat -lnt |grep 80
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 :::80 :::* LISTEN
[root@rrd chroot]# ps -ef|grep httpd
root 12683 1 0 22:20 ? 00:00:00 /var/chroot/apache2.2.21/bin/httpd
daemon 12684 12683 0 22:20 ? 00:00:00 /var/chroot/apache2.2.21/bin/httpd
daemon 12686 12683 0 22:20 ? 00:00:00 /var/chroot/apache2.2.21/bin/httpd
daemon 12688 12683 0 22:20 ? 00:00:00 /var/chroot/apache2.2.21/bin/httpd
daemon 12690 12683 0 22:20 ? 00:00:00 /var/chroot/apache2.2.21/bin/httpd
root 12772 3265 0 22:21 pts/0 00:00:00 grep httpd
The httpd service is now in the jail.
3 Running the mysql service in the jail environment
[root@rrd chroot]# /etc/init.d/mysqld start
Starting MySQL [ OK ]
[root@rrd chroot]# ps -ef|grep mysqld
root 12784 1 0 22:22 pts/0 00:00:00 /bin/sh /usr/local/mysql/bin/mysqld_safe --datadir=/usr/local/mysql/data --pid-file=/usr/local/mysql/data/rrd.pid
mysql 12886 12784 0 22:22 pts/0 00:00:00 /usr/local/mysql/libexec/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --user=mysql --log-error=/usr/local/mysql/data/rrd.err --pid-file=/usr/local/mysql/data/rrd.pid --socket=/usr/local/mysql/tmp/mysql.sock --port=3306
root 12901 3265 0 22:22 pts/0 00:00:00 grep mysqld
[root@rrd chroot]# killall mysqld
[root@rrd chroot]# killall mysqld
[root@rrd chroot]# killall mysqld
[root@rrd chroot]# cp -a /usr/local/mysql/ .
[root@rrd chroot]# find / -name mysqld
/etc/rc.d/init.d/mysqld
/usr/local/mysql/libexec/mysqld
/home/lincong/tools/mysql-5.1.52/sql/mysqld
/chroot/mysql/usr/local/mysql/libexec/mysqld
/var/chroot/mysql/libexec/mysqld
[root@rrd chroot]# /var/chroot/mysql/libexec/mysqld ## error on startup
120831 22:29:51 [Warning] '--skip-locking' is deprecated and will be removed in a future release. Please use '--skip-external-locking' instead.
120831 22:29:51 [ERROR] Fatal error: Please read "Security" section of the manual to find out how to run mysqld as root!
120831 22:29:51 [ERROR] Aborting
120831 22:29:51 [Note] /var/chroot/mysql/libexec/mysqld: Shutdown complete
Fix:
[root@rrd chroot]# vim etc/my.cnf
[mysqld]
#skip-locking ## commented out
skip-external-locking ## added this line
[root@rrd chroot]# /var/chroot/mysql/libexec/mysqld ## still an error
120831 22:38:50 [ERROR] Fatal error: Please read "Security" section of the manual to find out how to run mysqld as root!
120831 22:38:50 [ERROR] Aborting
120831 22:38:50 [Note] /var/chroot/mysql/libexec/mysqld: Shutdown complete
Fix:
[root@rrd chroot]# vim /etc/my.cnf
[mysqld]
user = mysql
[root@rrd chroot]# cp /etc/my.cnf etc/my.cnf
[root@rrd chroot]# /var/chroot/mysql/libexec/mysqld
120831 22:44:27 InnoDB: Started; log sequence number 0 44233
120831 22:44:27 [Note] Event Scheduler: Loaded 0 events
120831 22:44:27 [Note] /var/chroot/mysql/libexec/mysqld: ready for connections.
Version: '5.1.52' socket: '/usr/local/mysql/tmp/mysql.sock' port: 3306 Source distribution
Last login: Fri Aug 31 18:32:41 2012 from 172.16.0.132
[root@rrd ~]# netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:686 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 :::80 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
[root@rrd ~]# ps -ef|grep mysqld
mysql 12987 1 0 22:44 ? 00:00:00 /var/chroot/mysql/libexec/mysqld
root 13041 13011 0 22:50 pts/1 00:00:00 grep mysqld
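A check worth running from the host shell (outside the chroot) after starting httpd and mysqld as shown above: the kernel exposes each process's root directory as the /proc/<pid>/root symlink, which reads / for an unconfined process and /var/chroot for one started through chroot(2) (for instance chroot /var/chroot /apache2.2.21/bin/httpd), so this audit tells which of the httpd and mysqld processes in the ps listings actually sees the jail. It is an added example, not part of the original post or of the jail package; the function names are its own.

```shell
#!/bin/sh
# Audit whether the processes of a service really run with the jail as their
# root, by reading /proc/<pid>/root. Run on the host, not inside the chroot
# (from inside, every process's root reads as "/"). Example code, not the
# jail package's own tooling.

# Root directory process $1 sees, as the kernel reports it.
proc_root() {
    readlink "/proc/$1/root" 2>/dev/null
}

# Return 0 when process $1 is confined to jail directory $2.
# Trailing slashes are dropped so "/var/chroot/" and "/var/chroot" compare equal.
is_jailed() {
    pid=$1; jail=$2
    while [ "$jail" != "${jail%/}" ]; do jail=${jail%/}; done
    [ -n "$jail" ] || jail=/
    root=$(proc_root "$pid") || return 1
    [ "$root" = "$jail" ]
}

# Print a verdict for every process named $1 (httpd, mysqld) against jail $2;
# returns 1 if any of them still runs with the real "/" as its root.
audit_jail() {
    name=$1; jail=$2; bad=0
    for pid in $(pgrep -x "$name"); do
        if is_jailed "$pid" "$jail"; then
            echo "pid $pid root=$(proc_root "$pid") jailed"
        else
            echo "pid $pid root=$(proc_root "$pid") NOT jailed"
            bad=1
        fi
    done
    return $bad
}

# Usage on the post's layout: audit_jail httpd /var/chroot; audit_jail mysqld /var/chroot
```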
[root@rrd ~]# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.1.52 Source distribution
Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL v2 license
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| test |
+--------------------+
3 rows in set (0.00 sec)
[root@rrd ~]# chroot /var/chroot/
bash-3.2# ls
apache2.2.21 bin dev etc home lib lib64 mysql proc tmp usr var
######################################################################################
[root@rrd src]# /usr/local/jail/bin/addjailsw /var/chroot/
or
[root@rrd src]# /usr/local/jail/bin/addjailsw /var/chroot/ -D
or
[root@rrd src]# /usr/local/jail/bin/addjailsw /var/chroot/ -P bash "--version"
addjailsw
A component of Jail (version 1.9 for linux)
http://www.jmcresearch.com/projects/jail/
Juan M. Casillas <juanm.casillas@jmcresearch.com>
Guessing mv args()
Guessing ls args()
Guessing ln args()
Guessing grep args()
Guessing cat args()
Guessing rmdir args()
Guessing vi args(-c q)
Guessing tail args()
Guessing sh args()
Guessing id args()
Guessing rm args()
Guessing head args()
Guessing cp args()
Guessing pwd args()
Guessing mkdir args()
Guessing touch args()
Guessing more args()
Remember this step! That is why, after chroot /var/chroot/, only a limited set of commands can be run at the bash-3.2# prompt.
bash-3.2# whoami ## even commands run as the root user are limited to this set
root
Building a chroot environment on CentOS
Please cite the source when reprinting: 服务器评测 » Building a chroot environment on CentOS