First, I'm trying to follow along on a document on "SecurityFocus" on "Securing MySQL: step-by-step". I'm on step 3.8 "Test the configuration". I have my CHROOT directory structure set up and the chrootuid is failing (haven't figured that one out, yet).

So, I simply tried a 'chroot /chroot/mysql' and got:

chroot: cannot run command `/bin/bash': No such file or directory

I realized that the documentation didn't cover this so I simply:

cp -a /bin/bash /chroot/mysql/bin

I'm still getting the same error message when I try 'chroot /chroot/mysql':

# chroot /chroot/mysql
chroot: cannot run command `/bin/bash': No such file or directory

It's there, I'm not sure what the problem is:

# ls -l /bin/bash
-rwxr-xr-x 1 root root 859120 Oct 24 2008 /bin/bash
# ls -l /chroot/mysql/bin/bash
-rwxr-xr-x 1 root root 859120 Oct 24 2008 /chroot/mysql/bin/bash

(I'm performing this as root, since the mysql userid cannot log in.)

Ideas?

Frank M. Ramaekers Jr.
Systems Programmer
MCP, MCP+I, MCSE & RHCE
American Income Life Insurance Co.

Frank:

> chroot: cannot run command `/bin/bash': No such file or directory

Do you have selinux disabled or enabled?

Neil

Frank M. Ramaekers wrote:

> It's there, I'm not sure what the problem is:
> # ls -l /bin/bash
> -rwxr-xr-x 1 root root 859120 Oct 24 2008 /bin/bash
> # ls -l /chroot/mysql/bin/bash
> -rwxr-xr-x 1 root root 859120 Oct 24 2008 /chroot/mysql/bin/bash

Make sure all of the libraries that bash needs are in the chroot?

ldd <path to binary>

nate

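The ldd check suggested above, carried through as an added shell example that is not part of the original thread: the kernel reports "No such file or directory" for a binary that exists when the dynamic loader it names is missing inside the new root. The function names and the sample ldd output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and SAMPLE_LDD are assumptions, not from the thread.
# ldd may execute code from the file it inspects, so run it only on trusted binaries.
# Usage (as root): populate_chroot /chroot/mysql /bin/bash

# Constructed sample of ldd output for a 32-bit bash.
SAMPLE_LDD='	linux-gate.so.1 =>  (0x00b1c000)
	libtermcap.so.2 => /lib/libtermcap.so.2 (0x00a3e000)
	libdl.so.2 => /lib/libdl.so.2 (0x00c5a000)
	libc.so.6 => /lib/libc.so.6 (0x00110000)
	libexample.so.1 => not found
	/lib/ld-linux.so.2 (0x00ae4000)'

# Print the absolute paths named in ldd output read from stdin.
# Covers "name => /path (addr)" lines and the bare "/lib/ld-linux.so.2 (addr)"
# loader line; the kernel-provided linux-gate/linux-vdso entry has no file.
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//               { print $1 }' | sort -u
}

# Print libraries that ldd could not resolve on the host ("=> not found").
ldd_missing() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# Copy binary $2 and every file ldd lists for it into chroot $1,
# keeping the same absolute paths so the loader finds them after chroot.
populate_chroot() {
    jail=$1
    bin=$2
    out=$(ldd "$bin") || { echo "$bin: ldd failed (static binary?)" >&2; return 1; }
    missing=$(printf '%s\n' "$out" | ldd_missing)
    if [ -n "$missing" ]; then
        echo "unresolved on host: $missing" >&2
        return 1
    fi
    for f in "$bin" $(printf '%s\n' "$out" | ldd_paths); do
        mkdir -p "$jail$(dirname "$f")" || return 1
        cp -pL "$f" "$jail$f" || return 1   # -L copies the target of a symlink
    done
}
```

Every file copied this way is a second copy that the package manager does not update, so the chroot has to be repopulated after each library or bash update.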
Frank M. Ramaekers wrote on Wed, 30 Dec 2009 09:51:10 -0600:

> chroot: cannot run command `/bin/bash': No such file or directory

man chroot: If no command is given, run ‘${SHELL} -i’ (default: /bin/sh).

Likely bash relies on some library that is not available. (this is an error thrown by bash, not by chroot!)

I don't see why you think running chroot is a good idea when the website says to do something else. Apart from that I very much doubt that using an article from 2003 based on FreeBSD 4.x is really what you want to follow. There is some good config stuff in there, but chrooting regularly updated daemons doesn't appear to be a good idea to me. You have to recompile them again and again for each security bug found. If you don't do this immediately you may actually be in more danger than without it. If you want to go that route, why then use an rpm-based system at all? Rather use OpenBSD.

There may be good reasons why you do like you do, but in general I would rather use what's coming with the system, like SELinux, an IDS system and other monitoring, tight firewall rules and tight access control.

Kai

--
Kai Schätzl, Berlin, Germany