At 03:33 PM 12/10/00 +0100, Stas Bekman wrote:
>Do you think I should include the scenario of making Apache run in chroot
>enviroment in the guide?
I think chroot Apache is important especially for dynamic services.
>Check out the last section of this article:
>Installing and Securing the Apache Webserver with SSL
> by Dale Coddington <[EMAIL PROTECTED]>
>http://www.securityfocus.com/focus/sun/articles/apache-inst.html
>
>Of course it's incomplete as it doesn't take into account all the stuff
>located under /lib/perl, but it's a good start.
I am not sure if this part is so hard. Why can't you copy the the /lib/perl
to the chroot area and repeat the process everytime you install a CPAN module?
If this is not that hard, then you may just want to reference the chroot
docs that exist out there. Of course, I could be mistaken about how hard
this is.
For example, perhaps the mod_perl server and the HTML/images server should
be separately chrooted from each other? That way, someone who breaks the
dynamic script won't be able to mess with the frontpage of the website to
deface it assuming the hacker could get around permissions issues within
the chroot jail.
BTW, OT Question on the subject -- does anyone know if /chroot/etc/shadow
necessary once the chroot jail is in effect? The author creates a shadow
file but it seemed odd to me. He also advocates copying it over and then
creating a new one from scratch which seems redundant and potentially
dangerous if the second step is forgotten.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
