| chrooting SSH on Fedora Core 3 |
|
Posted by: xDamox - 2005-03-28, 03:15 PM - Forum: Remote Access
- Replies (6)
|
 |
First off, install ssh (must be the PAM-enabled version); you also need the libpam_chroot module.
If you have installed ssh by default on Fedora, this module is installed :)
OK, so they should be installed.
Then edit "/etc/pam.d/sshd".
Code:
#%PAM-1.0
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_chroot.so
If you do have pam_limits.so in the sshd config file, comment it out with a # or remove the line.
Hopefully a PAM 'head' can explain why the limit file gives difficulties... probably something simple.
OK, so now when ssh uses PAM it should use pam_chroot. That's what we just set up. Now we need to tell ssh to actually use it.
Edit "/etc/ssh/sshd_config". I'm not going to put the WHOLE sshd_config file in here, just the two lines that are required to be set; the ... represents the rest of the file.
Code:
#normally this is yes.. so switch to no
UsePrivilegeSeparation no
#normally this is yes...but check
UsePAM yes
OK, it should be stressed that you should NEVER run ssh with UsePriv.. set to no unless you plan on chrooting. This basically gives ssh the ability to be root, which can lead to real dangers. We need it to run as root because we cannot chroot the user into the new chroot environment unless we are root.
Right.. so sshd is ready... Now to finish off the PAM setup.
Edit "/etc/security/chroot.conf"
NOW we're ready.... Restart your ssh daemon to get the new config:
Code: /etc/init.d/sshd restart
Once you have got this far you will want to chown /home/znx to root:root
Code: chown root.root /home/znx
Then finally change the permissions to 755.
You will need to add the binaries and library files to the chroot as shown below:
Code:
# cd /home/
# mkdir chroot
# cd chroot/
# mkdir bin lib
# cp /bin/bash bin/
# ldd /bin/bash
libncurses.so.5 => /lib/libncurses.so.5 (0x40025000)
libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0x40062000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0x40065000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
# cp /lib/libncurses.so.5 lib/
# mkdir lib/tls/i686/cmov -p
# cp /lib/ld-linux.so.2 lib/
# cp /lib/tls/i686/cmov/{libdl.so.2,libc.so.6} lib/
# cd
# chroot /home/chroot/ /bin/bash
bash-2.05b# ls
bash: ls: command not found
bash-2.05b# exit
Well, that's it. The ssh daemon will now force a user into the chroot 'jail' using PAM. Let's test...
Code:
# ssh -l znx localhost
Password: *******
Last login: Fri Mar 25 19:28:08 2005 from localhost.localdomain
-bash-2.05b$ ls
-bash: ls: command not found
-bash-2.05b$ logout
Connection to ubuntu closed.
Jy provided a link to the following site with a script that will move the binaries and libraries to the chrooted dir:
http://www.fuschlberger.net/programs/ssh-scp-chroot-jail/
This guide was produced by znx and edited by xDamox ;) many thanks to znx
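The manual steps from the guide above (copy the binary, read its ldd output, copy each library, leave the jail root root-owned with mode 755) written as shell functions. This is an added example, not part of the original post or of the script linked from it; the names ldd_paths, copy_into_jail, populate_jail and jail_root_ok are hypothetical, and the owner/mode test is an assumption about what the chown and chmod 755 steps are meant to guarantee.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not from the guide.

# Print the absolute library paths in ldd output read from stdin. Handles
# "name => /path (addr)" and "/path (addr)"; lines with no path are skipped.
ldd_paths() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }' |
        LC_ALL=C sort -u
}

# Copy each path read from stdin into jail "$1", keeping its directory
# layout so the loader finds it at the same path inside the jail.
copy_into_jail() {
    jail=$1
    while IFS= read -r path; do
        mkdir -p "$jail$(dirname "$path")" || return 1
        cp -pL "$path" "$jail$path" || return 1
    done
}

# Copy a binary plus every library ldd reports for it. Only run ldd on
# binaries you trust: some ldd implementations execute the program.
populate_jail() {
    { printf '%s\n' "$2"; ldd "$2" | ldd_paths; } | copy_into_jail "$1"
}

# Succeed only if the jail root is owned by uid "$2" (default 0, root) and
# is not group- or other-writable: the state chown root + chmod 755 gives.
# Assumption: this is the condition behind "is writable by non-root".
jail_root_ok() {
    ls -ldn "$1" | awk -v uid="${2:-0}" '
        NR == 1 { ok = ($3 == uid && substr($1, 6, 1) != "w" && substr($1, 9, 1) != "w") }
        END     { exit !ok }'
}

# The guide's own ldd output, plus one path-less line (constructed).
SAMPLE_LDD='libncurses.so.5 => /lib/libncurses.so.5 (0x40025000)
libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0x40062000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0x40065000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
linux-gate.so.1 =>  (0xffffe000)'
printf '%s\n' "$SAMPLE_LDD" | ldd_paths
```

Typical use as root would be `populate_jail /home/chroot /bin/bash` followed by `jail_root_ok /home/chroot` before restarting sshd.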
|
|
|
| keep fedora up to date using apt |
|
Posted by: anyweb - 2005-03-27, 11:06 PM - Forum: Fedora
- No Replies
|
 |
if you want to automate fedora keeping up to date, and you use apt (as in apt-get)
then try this (as root)
Code: vi /etc/cron.daily/apt.sh
then paste the following into the blank file
Code: #!/bin/sh
apt-get update && apt-get upgrade -y
now save the file and make it executable
to test it try doing this
Code: sh /etc/cron.daily/apt.sh
and you'll see something like the following:
Quote:
[root@localhost cron.daily]# sh /etc/cron.daily/apt.sh
Get:1 http://ayo.freshrpms.net fedora/linux/3/i386 release [2139B]
Fetched 2139B in 0s (4712B/s)
Hit http://ayo.freshrpms.net fedora/linux/3/i386/core pkglist
Hit http://ayo.freshrpms.net fedora/linux/3/i386/core release
Hit http://ayo.freshrpms.net fedora/linux/3/i386/updates pkglist
Hit http://ayo.freshrpms.net fedora/linux/3/i386/updates release
Hit http://ayo.freshrpms.net fedora/linux/3/i386/freshrpms pkglist
Hit http://ayo.freshrpms.net fedora/linux/3/i386/freshrpms release
Reading Package Lists... Done
Building Dependency Tree... Done
Reading Package Lists... Done
Building Dependency Tree... Done
The following packages have been kept back
libpostproc mplayer sylpheed
0 upgraded, 0 newly installed, 0 removed and 3 not upgraded.
[root@localhost cron.daily]#
cheers
anyweb
|
|
|
| need to register the forums.... |
|
Posted by: anyweb - 2005-03-27, 10:44 PM - Forum: Site News
- Replies (11)
|
 |
hi guys,
in order to update these forums i need to cough up 185$
http://www.invisionboard.com/act.ips/download
that will give us a
Quote:Perpetual License
|
|
|
| Happy Easter!! |
|
Posted by: lia - 2005-03-26, 10:50 AM - Forum: Jokes
- Replies (3)
|
 |
Why do we press harder on a remote control when we know the batteries are getting weak?
>Why do banks charge a fee on "insufficient funds" when they know there is not enough?
>
>Why does someone believe you when you say there are four billion stars, but check when you say the paint is wet?
>
>Why doesn't glue stick to the bottle?
>
>Why do they use sterilized needles for death by lethal injection?
>Why doesn't Tarzan have a beard?
>
>Why does Superman stop bullets with his chest, but ducks when you throw a revolver at him?
>
>Why do Kamikaze pilots wear helmets?
>
>Whose idea was it to put an "S" in the word "lisp"?
>
>If people evolved from apes, why are there still apes?
>
>Why is it that no matter what color bubble bath you use the bubbles are always white?
>
>Is there ever a day that mattresses are not on sale?
>
>Why do people constantly return to the refrigerator with hopes that something new to eat will have materialized?
>Why do people keep running over a string a dozen times with their vacuum cleaner, then reach down, pick it up, examine it, then put it down to give the vacuum one more chance?
>
>Why is it that no plastic bag will open from the end you first try?
>
>How do those dead bugs get into those enclosed light fixtures?
>
>When we are in the supermarket and someone rams our ankle with a shopping cart then apologizes for doing so, why do we say, "It's all right?"
>Why is it that whenever you attempt to catch something that's falling off the table you always manage to knock something else over?
>
>In Winter why do we try to keep the house as warm as it was in Summer when we complained about the heat?
>
>How come you never hear father-in-law jokes?
>
>If at first you don't succeed, shouldn't you try doing it like your wife told you to do it?
>The statistics on sanity are that one out of every four persons is suffering from some sort of mental illness. Think of your three best friends, if they're okay, then it's you.
>
>Are there specially reserved parking spaces for "normal" people at the Special Olympics?
>
>Do married people live longer than single ones or does it only seem longer?
>
>
>How important does a person have to be before they are considered assassinated instead of just murdered?
>
>
>
>Why does a round pizza come in a square box?
>
>How is it that we put man on the moon before we figured out it would be a good idea to put wheels on luggage?
>
>Why is it that people say they "slept like a baby" when babies wake up every two hours?
|
|
|
| PAM Problems |
|
Posted by: xDamox - 2005-03-25, 05:10 PM - Forum: Remote Access
- Replies (6)
|
 |
Hi,
I was wanting to set up SSH so that users SSHing into my machine would be in a chroot. Well,
I noticed PAM supports this feature, so here's what I did:
First I added a user to the machine called test. I issued the following command:
Once I added my user I went to /etc/security/chroot.conf and added the following:
Once that was done I went to /etc/pam.d, edited the SSHD file and added the following:
Code: session required pam_chroot.so
Now that I did that, I edited sshd_config to use PAM and also set the UsePrivilegeSeparation value
to no. Now that was done, I did:
Code: service sshd restart
and when I did ssh -l test localhost I logged into test and was able to cd /
the security logs show the following info:
Code:
Mar 25 15:56:07 localhost sshd[6432]: Failed gssapi-with-mic for test from ::ffff:127.0.0.1 port 33182 ssh2
Mar 25 15:56:07 localhost sshd[6432]: Failed gssapi-with-mic for test from ::ffff:127.0.0.1 port 33182 ssh2
Mar 25 15:56:10 localhost sshd[6432]: Accepted password for test from ::ffff:127.0.0.1 port 33182 ssh2
Mar 25 15:56:10 localhost pam_chroot[6433]: /home/test is writable by non-root
any ideas?
|
|
|
| fedora problems |
|
Posted by: ge5239 - 2005-03-24, 04:21 PM - Forum: Fedora
- Replies (12)
|
 |
yo yo yo ;)
first time user with linux, and already i got a bunch of problems, "looking good!".
first, installed fc3 three times now, first said it worked, but then i got "could not load os" when i tried to start.
second time it hung itself during installation
third time then, installation works, but then same "could not load os". then, mainly by accident, i booted up with my windows XP cd in the cd-reader. forgot to hit "any key" and look at that, fedora started!
fixed the settings, got my login, pass etc. fedora loading, typing in login + pass. and i'm in! it's loaded! so, then to my first problem:
mouse doesn't work! not sure if the usb is working, since the light on it is off, should be a nice blue light when mouse is online. tried to get myself somewhere with keyboard, but without success, really annoying! only keys that seem to be working are ctrl+alt+delete (log off / turn off), and print screen.
second problem is about booting my fedora. after "Verifying DMI Pool Data", then a _, then nothing happens.. insert the win cd, and it works just fine, but then i can't even remove the cd when started, nothing happens, stone dead! reaction on cd is nada..
not that handy with computers, was just really annoyed after a virus in my windows so i've changed. ppl told me to use linux, that it wasn't that difficult, and then that they've never seen someone with so many problems in such short time..
some stuff i picked up during startup.
first the Verifying DMI Pool Data, where it gets stuck if i don't have a cd in.
second, hmm, this is in swe, but "s
|
|
|
|