SSH Configuration Section:
First, set up sshd so that it chroots a given user, as follows:
Match User jazz
ChrootDirectory /home/jazz
AllowTCPForwarding yes
X11Forwarding no
Next, make sure the directory /home/jazz is owned by root and no one else:
chown -R root:root /home/jazz
Next, execute the following:
cd /home/jazz
mkdir etc
mkdir bin
mkdir lib
mkdir usr
mkdir usr/bin
mkdir dev
mknod dev/null c 1 3
mknod dev/zero c 1 5
Then execute the following:
APPS="/bin/bash /bin/ls"
for prog in $APPS; do
    cp "$prog" "./$prog"
    # obtain a list of related libraries
    if ldd "$prog" > /dev/null; then
        # keep only resolved absolute paths (skips vdso and "not found" entries)
        LIBS=$(ldd "$prog" | awk '$3 ~ /^\// { print $3 }')
        for l in $LIBS; do
            mkdir -p "./$(dirname "$l")" > /dev/null 2>&1
            cp "$l" "./$l"
        done
    fi
done
Note that the APPS list above can be changed to whichever binaries are needed. In a nutshell, every library the binaries depend on must be copied to lib, including the libraries that those libraries depend on.
Finally, copy the library as follows:
cp /lib/ld-linux.so.2 lib
If you would like to share files between the chroot and the rest of the system, use the following:
mount --bind /home/ubuntu/Downloads /home/jazz/Downloads
Of course, /home/jazz/Downloads must exist!
The chroot should now work!
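To confirm that every library really made it into the chroot, the check below (an added example, not part of the original post) parses ldd output and reports any path missing under the chroot, including the bare loader line that `print $3` skips. The function names and the sample ldd output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check that a chroot holds every library its binaries need.
# Function names and sample data are assumptions, not from the original post.

# Constructed sample of `ldd /bin/bash` output on a 64-bit system.
sample_ldd() {
cat <<'EOF'
    linux-vdso.so.1 (0x00007ffc1a5f2000)
    libtinfo.so.6 => /lib/x86_64-linux-gnu/libtinfo.so.6 (0x00007f1d2a400000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1d2a000000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f1d2a800000)
    libgone.so.1 => not found
EOF
}

# Read ldd output on stdin, print every absolute path it names.
# Covers "name => /path (addr)" and the bare loader line "/path (addr)";
# skips the vdso entry and "not found" entries.
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//               { print $1 }' | LC_ALL=C sort -u
}

# Read paths on stdin, print those absent under chroot root $1.
# Returns 1 if any path is missing, 0 otherwise.
missing_in_jail() {
    jail=$1; rc=0
    while IFS= read -r p; do
        [ -e "$jail$p" ] || { printf '%s\n' "$p"; rc=1; }
    done
    return "$rc"
}

# Run the check for every executable in $1/bin and $1/usr/bin.
audit_jail() {
    jail=$1; failed=0
    for f in "$jail"/bin/* "$jail"/usr/bin/*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        miss=$(ldd "$f" 2>/dev/null | ldd_paths | missing_in_jail "$jail") || {
            printf '%s is missing:\n%s\n' "$f" "$miss"; failed=1; }
    done
    return "$failed"
}

# Usage: sh audit.sh /home/jazz
if [ "$#" -gt 0 ]; then audit_jail "$1"; fi
```

A non-zero exit status means at least one binary in the chroot would fail to start for the chrooted user.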