[REVS] Chrooting Unix Services

From: SecuriTeam (support_at_securiteam.com)
Date: 04/11/04

    To: list@securiteam.com
    Date: 11 Apr 2004 15:19:19 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

      Chrooting Unix Services
    ------------------------------------------------------------------------

    SUMMARY

    The documentation linked below is a UNIX chrooting guide for Solaris and
    Linux. The guide describes how to jail Apache, Tomcat and MySQL and offers
    template chrooting scripts.

    DETAILS

    Introduction:
    This guide introduces the appropriate steps for chrooting a UNIX service
    into its jail. Chrooting is one of the armoring tasks of the UNIX hardening
    procedure. It adds a further barrier against zero-day threats, where a
    working exploit could compromise the vulnerable system.
    Unfortunately, the initial steps of chrooting a specific service can
    turn into a time-consuming procedure. This guide should help readers
    understand the chroot concept and motivate them to actually apply
    chrooting to publicly available services, such as the Apache Web server.

    The guide assumes the reader is running self-compiled versions of their
    Internet services, rather than prepared RPMs or UNIX
    packages.

    It is advisable to create a suitable chrooting script during the initial
    setup and engineering phase. This saves time when UNIX
    administrators patch and jail new versions of their services. We
    expect that UNIX administrators will not chroot services after a night of
    patching if doing so is not easy. This paper offers template chrooting
    scripts for the Linux and Solaris operating systems. Please use the provided
    template scripts with care and read through each section.

    ADDITIONAL INFORMATION

    The information has been provided by Ivan Buetler
    <ivan.buetler@csnc.ch>.

    The complete document can be found at:
    http://www.csnc.ch/static/download/guide_chroot.html
