| Welcome, Guest |
You have to register before you can post on our site.
|
| Forum Statistics |
» Members: 5,245
» Latest member: dprp
» Forum threads: 4,031
» Forum posts: 16,406
Full Statistics
|
| Online Users |
There are currently 743 online users.
» 0 Member(s) | 741 Guest(s)
Baidu, Bing
|
| Latest Threads |
how to allow only steam t...
Forum: Xorg Problems
Last Post: moquber
2026-03-17, 09:40 PM
» Replies: 0
» Views: 519
|
Wi-Fi works for a few min...
Forum: Network Problems
Last Post: kabifff
2025-12-15, 12:57 AM
» Replies: 0
» Views: 900
|
How to install Archboot i...
Forum: Network Problems
Last Post: Meup
2025-05-13, 01:41 PM
» Replies: 0
» Views: 4,187
|
clear logs in smoothwall
Forum: Security and Firewalls
Last Post: amanda63
2024-03-10, 03:27 PM
» Replies: 8
» Views: 126,227
|
I cannot install RedHat 8...
Forum: Redhat
Last Post: hybrid
2023-11-11, 01:01 PM
» Replies: 1
» Views: 75,940
|
How things are done, usin...
Forum: Xorg Problems
Last Post: ross
2023-09-04, 09:03 AM
» Replies: 0
» Views: 5,575
|
Im back.....
Forum: Hello
Last Post: anyweb
2021-01-17, 11:36 AM
» Replies: 1
» Views: 9,508
|
add mp3 plugin to xmms in...
Forum: Fedora
Last Post: anyweb
2021-01-17, 11:30 AM
» Replies: 11
» Views: 48,258
|
Configuring VSFTPd Server
Forum: FTP Server
Last Post: Johnbaca
2020-10-14, 10:25 AM
» Replies: 32
» Views: 168,868
|
Wolf won't play sound!
Forum: Game Problems
Last Post: Guest
2020-10-03, 05:51 PM
» Replies: 1
» Views: 99,023
|
|
|
| apache in a chroot |
|
Posted by: hijinks - 2006-04-25, 06:07 PM - Forum: LAMP
- Replies (1)
|
 |
I took a script that I use to easily make a chroot enviroment for a user. I edited it to install a currently installed apache setup inside a chroot enviroment for added security. So I have only tested this out on centOS 4.3 with the http rpm installed and also php5. Now in theory it does check for php4 so give it a try.. it shouldn't break anything.
So in theory this script should work on any redhat/centos/fedora system out there. Look below the script to find install instructions
Code: #!/bin/sh
#
# (c) Copyright by Wolfgang Fuschlberger
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# ( http://www.fsf.org/licenses/gpl.txt )
# first Release: 2004-07-30
# latest update: 2006-04-20
# Jy update: 2006-04-25 (apache chroot)
#
# The latest version of the script is available at
# http://www.fuschlberger.net/programs/ssh-scp-chroot-jail/
#
# Feedback is welcome!
#
# Thanks for Bugfixes / Enhancements to
# Michael Prokop <http://www.michael-prokop.at/chroot/>,
# Randy K., Randy D. and Jonathan Hunter.
#
# Features:
# - enable scp and sftp in the chroot-jail
# - use one directory (default /home/jail/) as chroot for all users
################################################################################
if [ "$(whoami)" != "root" ]; then
echo "Error: You must be root to run this command." >&2
exit 1
fi
# Specify the apps you want to copy to the jail
APPS="/bin/bash /bin/cp /usr/bin/dircolors /bin/ls /bin/sh /bin/su /usr/bin/id /usr/bin/nc /usr/sbin/httpd /usr/lib/httpd/modules/libphp5.so /usr/lib/httpd/modules/libphp4.so"
# Check if we are called with username or update
if [ -z "$1" ]; then
echo
echo "Error: Parameter missing. Did you forget the apache chroot dir?"
echo
echo "Creating new chrooted account:"
echo "Usage: $0 dir"
echo
exit
fi
# Check existence of necessary files
echo -n "Checking for chroot... "
if [ `which chroot` ];
then
echo "OK";
else
echo "failed
Please install chroot-package/binary!
"
exit 1
fi
JAILPATH=/chroot/$1
# make common jail for everybody if inexistent
if [ ! -d $JAILPATH ]; then
mkdir -p $JAILPATH
echo "Creating $JAILPATH"
fi
cd $JAILPATH
# Create directories in jail that do not exist yet
JAILDIRS="dev etc bin home sbin usr usr/bin usr/sbin var/log/httpd lib var/lib/php/session usr/lib/php/modules var/run usr/lib/httpd/modules usr/lib/httpd/build"
for directory in $JAILDIRS; do
if [ ! -d "$JAILPATH/$directory" ]; then
mkdir -p $JAILPATH/"$directory"
echo "Creating $JAILPATH/$directory"
fi
done
echo
# Creating necessary devices
[ -r $JAILPATH/dev/urandom ] || mknod $JAILPATH/dev/urandom c 1 9
[ -r $JAILPATH/dev/null ] || mknod $JAILPATH/dev/null c 1 3
[ -r $JAILPATH/dev/zero ] || mknod $JAILPATH/dev/zero c 1 5
[ -r $JAILPATH/dev/tty ] || mknod $JAILPATH/dev/tty c 5 0 && chmod 666 $JAILPATH/dev/tty
# Copy the apps and the related libs
echo "Copying necessary library-files to jail (may take some time)"
# The original code worked fine on RedHat 7.3, but did not on FC3.
# On FC3, when the 'ldd' is done, there is a 'linux-gate.so.1' that
# points to nothing (or a 90xb.....), and it also does not pick up
# some files that start with a '/'. To fix this, I am doing the ldd
# to a file called ldlist, then going back into the file and pulling
# out the libs that start with '/'
#
# Randy K.
#
# The original code worked fine on 2.4 kernel systems. Kernel 2.6
# introduced an internal library called 'linux-gate.so.1'. This
# 'phantom' library caused non-critical errors to display during the
# copy since the file does not actually exist on the file system.
# To fix re-direct output of ldd to a file, parse the file and get
# library files that start with /
#
if [ -x /root/ldlist ]; then
mv /root/ldlist /root/ldlist.bak
fi
if [ -x /root/lddlist2 ]; then
mv /root/lddlist2 /root/lddlist2.bak
fi
for app in $APPS; do
# First of all, check that this application exists
if [ -x $app ]; then
# Check that the directory exists; create it if not.
app_path=`echo $app | sed -e 's#\(.\+\)/[^/]\+#\1#'`
if ! [ -d .$app_path ]; then
mkdir -p .$app_path
fi
# If the files in the chroot are on the same file system as the
# original files you should be able to use hard links instead of
# copying the files, too. Symbolic links cannot be used, because the
# original files are outside the chroot.
cp -p $app .$app
# get list of necessary libraries
ldd $app >> /root/ldlist
fi
done
# Clear out any old temporary file before we start
if [ -e /root/ldlist2 ]; then
rm /root/ldlist2
fi
for libs in `cat /root/ldlist`; do
frst_char="`echo $libs | cut -c1`"
if [ "$frst_char" = "/" ]; then
echo "$libs" >> /root/ldlist2
fi
done
for lib in `cat /root/ldlist2`; do
mkdir -p .`dirname $lib` > /dev/null 2>&1
# If the files in the chroot are on the same file system as the original
# files you should be able to use hard links instead of copying the files,
# too. Symbolic links cannot be used, because the original files are
# outside the chroot.
cp $lib .$lib
done
#
# Now, cleanup the 2 files we created for the library list
#
/bin/rm -f /root/ldlist
/bin/rm -f /root/ldlist2
# Necessary files that are not listed by ldd
cp /lib/libnss_compat.so.2 /lib/libnsl.so.1 /lib/libnss_files.so.2 /lib/libcap.so.1 /lib/libnss_dns.so.2 ./lib/
# if you are using PAM you need stuff from /etc/pam.d/ in the jail,
echo "Copying files from /etc/pam.d/ to jail"
cp -r /etc/pam.d ./etc/
# ...and of course the PAM-modules...
echo "Copying PAM-Modules to jail"
cp -r /lib/security ./lib/
# ...and something else useful for PAM
#echo "Copying /etc/security to jail"
cp -r /etc/security ./etc/
cp /etc/login.defs ./etc/
cp -rf /etc/host.conf /etc/nsswitch.conf /etc/resolv.conf ./etc
echo "Copying over the apache/php configs"
cp -rf /etc/httpd ./etc/
cp -rf /etc/php.d ./etc/
cp -rf /etc/php.ini ./etc/
cp /etc/mime.types ./etc/
cp -rf /usr/lib/php/modules/* ./usr/lib/php/modules/
cp -rf /usr/lib/httpd/modules/* ./usr/lib/httpd/modules/
cp -rf /usr/lib/httpd/build/* ./usr/lib/httpd/build/
chown apache:apache ./var/lib/php/session
echo $2
if [ -n "$2" ]
then
echo "Copying over the doc root: $2"
cp -rf $2 .$2
else
mkdir -p ./var/www
mkdir -p ./var/www/cgi-bin
cp -rf /var/www/error ./var/www
cp -rf /var/www/icons ./var/www
mkdir -p ./var/www/html
fi
echo "Copying over the logs"
cp -rf /var/log/httpd ./var/log/
echo "Grabbing the apache user"
grep apache /etc/passwd > ./etc/passwd
grep apache /etc/group > ./etc/group
exit
Ok now put the script into a file.. This wants to install the base enviroment into the /chroot dir. You don't need to create it but if you want it on another partition then you should create a nice little symlink
So to create a basic setup which includes moving over all your html files from your root dir you would run the following command
Code: sh make_chroot_jail.sh httpd /var/www/
You can run it without the /var/www and it will not move anything over but create the basic layout in /var/www like your basic install would
So now we need to do some things with syslog to make apache log. So edit /etc/sysconfig/syslog and look for a line with SYSLOGD_OPTIONS and make it look something like this
Code: SYSLOGD_OPTIONS="-m 0 -a /chroot/httpd/dev/log"
You would change httpd to the name you used in the sh make_chroot_jail command. So restart syslog with the following command
Code: service syslog restart
Now lets test starting apache
Code: chroot /chroot/httpd /usr/sbin/httpd
You might have to stop the normal apache from running or it won't beind to the port.
hope this helps some people out!
now on a side note you will see it running as /usr/sbin/httpd in a ps aux. Now this is normal since its running in a chroot here is an example
Code: [root@fx-ws-sop-110 www]# ps aux | grep httpd
root 20627 0.0 0.3 16496 6840 ? Ss 15:00 0:00 /usr/sbin/httpd
apache 20628 0.0 0.3 16496 6960 ? S 15:00 0:00 /usr/sbin/httpd
apache 20629 0.0 0.3 16500 6976 ? S 15:00 0:00 /usr/sbin/httpd
apache 20630 0.0 0.3 16496 6956 ? S 15:00 0:00 /usr/sbin/httpd
apache 20631 0.0 0.3 16496 6956 ? S 15:00 0:00 /usr/sbin/httpd
apache 20632 0.0 0.3 16500 6976 ? S 15:00 0:00 /usr/sbin/httpd
apache 20633 0.0 0.3 16496 6956 ? S 15:00 0:00 /usr/sbin/httpd
apache 20634 0.0 0.3 16496 6956 ? S 15:00 0:00 /usr/sbin/httpd
apache 20635 0.0 0.3 16496 6856 ? S 15:00 0:00 /usr/sbin/httpd
To verify its running correctly grab the PID of the httpd process that is running as root and do something like this
Code: ls /proc/20627/root/
It should show you the directory structure of /chroot/httpd
|
|
|
| Trouble playing certain videos with mplayer(codec issue) |
|
Posted by: shadowphone - 2006-04-24, 02:43 PM - Forum: SUSE
- Replies (3)
|
 |
Hello I have a problem i'm trying to sort out. I have suse 10 and I use mplayer to play my videos. Most play fine but there are certain disks I have that simply don't work even tho I have the win32codec pack installed on my system. I'm kinda lost as to what to do next so any help would be appreciated. When I run the file which is either an mpeg or a .avi I get an audi codec error and garbage shown in the screen. If I run mplayer from the console I get the output below.
RAWDV file format detected.
VIDEO: [DVSD] 720x480 24bpp 29.970 fps 0.0 kbps ( 0.0 kbyte/s)
==========================================================================
Opening audio decoder: [libdv] Raw DV Audio Decoder
Unknown/missing audio format -> no sound
ADecoder init failed :(
Opening audio decoder: [ffmpeg] FFmpeg/libavcodec audio decoders
Cannot find codec 'dvaudio' in libavcodec...
ADecoder init failed :(
ADecoder init failed :(
Cannot find codec for audio format 0x56444152.
Read DOCS/HTML/en/codecs.html!
==========================================================================
vo: X11 running at 1280x1024 with depth 24 and 32 bpp (":0.0" => local display)
==========================================================================
Opening video decoder: [dshow] DirectShow video codecs
Decoder supports the following YUV formats: YUY2 UYVY
Decoder is capable of YUV output (flags 0x9)
VDec: vo config request - 720 x 480 (preferred csp: Packed YUY2)
[PP] Using codec's postprocessing, max q = 4.
VDec: using Packed YUY2 as output csp (no 0)
Movie-Aspect is undefined - no prescaling applied.
VO: [xv] 720x480 => 720x480 Packed YUY2
Selected video codec: [qdv] vfm:dshow (Sony Digital Video (DV))
==========================================================================
Audio: no sound
Starting playback...
No bind found for key MOUSE_BTN0
V: 61.0 1830/1830 58% 7% 0.0% 0 0
|
|
|
|
| MY Suse 10 Problems |
|
Posted by: cwood06 - 2006-04-23, 11:21 PM - Forum: SUSE
- Replies (1)
|
 |
Hello, I have latly been interested in installing linux on my Acer 5672 Laptop and still keeping Windows XP Pro. I have been able to install LInux but it gets ride of my NTSC or FAT32 Partition. I have Tryed using partition magic to unaloocate soem space to us on my Hard disc but Yast doesnt seam to see my WIndows partition. And when i try to exit yast i cant boot back up to xp and i have reload home then use the acer recvery disk to get xp pro back. I dunno if this is a Bug or what? If someone could should me a tut i could us or give me some info on it i would deeply apperseate it!
Thanks in Advance
Cwood06
|
|
|
|
| Install & Get Smarty working on SuSE 10 |
|
Posted by: ahuffman - 2006-04-23, 06:20 PM - Forum: SUSE
- Replies (1)
|
|
Hi, I'm in desperate need of help here. My senior project is due in 2 weeks and I can't get this Smarty template program working which I need for it.
I'm building a online shopping cart system w/ mysql, apache 2, smarty & php. I've been messing with this stuff for days and I have absolutely had it. I tried the way this book sets it up, i've tried the instructions for the quick install of smarty. Im not sure if its my php setup or what. I keep receiving this error:
Code: Warning: fetch(templates_c/%%45^45E^45E480CD%%index.tpl.php): failed to open stream: No such file or directory in /usr/share/php/smarty/Smarty.class.php on line 1258
Warning: fetch(): Failed opening 'templates_c/%%45^45E^45E480CD%%index.tpl.php' for inclusion (include_path='/usr/share/php') in /usr/share/php/smarty/Smarty.class.php on line 1258
Warning: _include(templates_c/%%55^55C^55C3DD28%%debug.tpl.php): failed to open stream: No such file or directory in /usr/share/php/smarty/Smarty.class.php on line 1925
Warning: _include(): Failed opening 'templates_c/%%55^55C^55C3DD28%%debug.tpl.php' for inclusion (include_path='/usr/share/php') in /usr/share/php/smarty/Smarty.class.php on line 1925
when i attempt to run the page. My templates_c folder is writable. Im just not sure if i have it in the right spot or what the problem is. I'm using SuSE 10. I don't know if this makes a difference or not.
Please help me or i'm doomed haha!
-Thanks in advance.
|
|
|
|
| via/s3g driver |
|
Posted by: noob_penguin - 2006-04-23, 12:49 PM - Forum: Just Starting Linux
- Replies (1)
|
|
Hi Gurus,
I m new to this group and an absolute noob.
I had installed FC2 on my PC sometime back but it does not have the driver for my display adaptor--which is VIA/S3G Unichrome. Instead, it is using the generic driver VESA. Due to this, the display quality is pathetic. I really would like to learn and use Fedora but this display quality turns me off. I am thinking of installing FC5 but I m not sure if this driver is present in FC5.
Please help!!
|
|
|
|
| Hardening FC4 |
|
Posted by: cyris - 2006-04-21, 12:55 PM - Forum: Tips and Tricks
- Replies (1)
|
|
Hello everyone. Over the next few days I would like to do a security review on my FC4 server at home. I was wondering if anyone could recommend any hardening applications that would assist me in this process?
|
|
|
|
| Windows running inside linux |
|
Posted by: Yaravi - 2006-04-21, 12:46 PM - Forum: Wine
- Replies (6)
|
|
I've seen many screenshots from linux users running windows with wine inside linux (no matter what bistro they were using).
My question is How can I do that and most important is if that the network services from windows work? thats because i have to switch between linux and windows depend of the application i required.
thank you.
|
|
|
|
| strange spam |
|
Posted by: gobblox - 2006-04-21, 12:32 AM - Forum: General Chat
- No Replies
|
|
i keep getting these emails from a sender whose name is a different string of alpha numerics with one word subject lines, for example
Sender: fle43jj@(some random working website)
Subject: wholesome
text: Fly over tv very
I assume its automated, as it makes no english sense, but what is it for? just to test if the mail actually made it to a mailbox or not so they can send me spam for their penis growth pills?
does anyone have any idea what these are trying to accomplish?
|
|
|
|
|
![[Image: znx.ss.20060408210917.png]](http://kutzooi.co.uk/img/znx.ss.20060408210917.png)
