similar to: Postfix chroot jail - Centos 4

According to http://www.redhat.com/magazine/006apr05/features/selinux/ there is a package named selinux-policy-strict, which contains a series of rules for correctly handling many situations (software) when using strict policy. Does CentOS have this package available ? If not, can someone make it available through Centosplus or Addon, for example ? This package is not part of the upstream main

How can I be sure if it is LKM or not? Today I've run chkrootkit and it gave me: Checking `lkm'... You have 179 process hidden for readdir command You have 179 process hidden for ps command chkproc: Warning: Possible LKM Trojan installed Checking `chkutmp'... The tty of the following user process(es) were not found in /var/run/utmp ! ! RUID PID TTY CMD ! root

I setup a ssh chroot jail following this[1] guide. It works for my user to login, use ls and use scp which is all I really want. I do have a problem I cannot solve: when connected and navigating the filesystem, the backspace key actually moves the cursor forward and does not delete what I type. I may have found a hint from some googling that readline will read in /etc/inputrc on login but if

Martin Pool wrote: > > > From: Stefan Monnier <monnier+/news/lists/linux/security@TEQUILA.SYSTEMSZ.CS.YALE.EDU> > > Date: 05 May 1997 12:23:05 -0400 > > > [mod: Yes. One "catchall" would be to modify "suser()" to return > > (uid==0) && (current->root == THE_ROOT). That would make a uid==0 in a > > chrooted environment just

Thanks for the info. On Wed, Oct 13, 2010 at 5:27 PM, Anton Korobeynikov <anton at korobeynikov.info> wrote: > > > My project code is outside the source tree, and I've altered the Makefile to > > generate a shared library for the backend (libLLVMRiscoCodeGen.so). > You cannot do this anymore. You need to alter the build system (add > stuff to configure, etc.)

Hi, I'm developing a very basic new LLVM backend for a RISC machine (named Risco), based on the existing Sparc and Mips backends and the main tutorial [1]. I'm having trouble registering the backend so the main tools can see it. My project code is outside the source tree, and I've altered the Makefile to generate a shared library for the backend (libLLVMRiscoCodeGen.so). I've

My USB Pendrive gets mounted everytime I put it on the USB port (/dev/sda on /media/usbdisk). This behaviour is the desired. Now I want the OS to automaticaly include the mount option iocharset=iso8859-1 everytime it mounts it. Is there a way to tell haldaemon (or other software) do this, instead of hand-editing /etc/fstab ? -- Vilela -------------- next part -------------- An HTML attachment

-----Original Message----- From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Rainer Duffner Sent: Samstag, 21. Oktober 2017 00:41 To: CentOS mailing list Subject: Re: [CentOS] scp setup jailed chroot on Centos7 > Am 20.10.2017 um 15:58 schrieb Adrian Jenzer <a.jenzer at herzogdemeuron.com>: > > Dear all > > I'm looking for instructions on how to setup a

[Sorry about "top posting": my OT question arises from the subject..] Could someone elaborate on the "jail" under CentOS. I'm used to FreeBSD jails, and as I run CentOS and some other Linuxes for quite some time I was under impression that there is no such thing as jail under Linux [at least those flavors I run]. Under Linux I did use in variety of places chrooted

I have a need to have users SSH into a server where they are limited to a chroot jail (sandbox). Once they are there, they need to be able to execute 'ssh' and 'scp' to other systems. I've no problem setting up the basic chroot jail and providing basic functionality (ls, cat, less, etc). The part that is stopping me is setting it up so that that user can then 'ssh'

Hi, Over the weekend I decided to create an icecast relay for Nicecast. I wanted this to run in a chroot jail on a redhat server. There did not seem to be much on the web about setting this up; I'm including some details here. This is my first encounter with icecast; I'm hoping to elicit comments and criticism (e.g., if my post is too long). First, there did not seem to be a startup

Good afternoon, I have been using OpenSSH 3.8p1 and added code to sftp-server.c so I could put users in chroot jail. When I setup a new system and downloaded OpenSSH 4.4p1 and tried the same patch it fails with the following in the /var/log/messages file: sftp-server[11001]: fatal: Couldn't chroot to user directory /home/newyork/ftpbcc: Operation not permitted I was wondering why one would

Hi, I've been struggling with this problem for the last couple of hours and am nowhere near solving the problem. I am trying to run a tftp server in a chroot jail. Now perhaps I am being paranoid, but I would like to have it launched from within its own jail even if it supposedly does a chroot itself and runs with a parameterizable user. I downloaded the atftp-server package and tried

On Thu, 2002-12-19 at 01:30, msmith@labyrinth.net.au wrote: > Alan Silvester <mascdman@shaw.ca> said: > > > Hi, > > > > (Sorry for the long email) > > > > As a bit of a learning exercise, I'm trying to place the icecast daemon > > in a chroot jail. I've been mostly sucessful: I can get icecast to > > serve the default stream from

Hello, I would like to run other services like messaging services on my firewall machine too. Does it make sense to run shorewall, openvpn and the pppoe package in a chroot jail? And is it possible to run these programs as an other user? Ciao Hugo

Hi, I've been working at getting a tftp server up an running in a chroot jail, and I have finally succeed getting almost everything working. The server itself works fine, however, it is implemented as a tcpwrapper application (ie: in.tftpd) and I am having trouble getting it to resolve DNS names. I copied my /etc/hosts.allow and /etc/hosts.deny in my chroot/etc folder, however, they

Hi, (Sorry for the long email) As a bit of a learning exercise, I'm trying to place the icecast daemon in a chroot jail. I've been mostly sucessful: I can get icecast to serve the default stream from its jail, however I can't get multiple streams to work. I think the problem is that icecast can't resolve addresses in the jail, however I do have an etc/hosts file and

Hi everyone I would like to enable unprivileged users to share only certain directories using SFTP without acquiring root, without setting capabilities using public-key-based forced commands. In another use case unprivileged users could write scripts that evaluate "$SSH_ORIGINAL_COMMAND" and then either execute sftp-server in a jail "$SSH_ORIGINAL_COMMAND" after

Hi, This patch (against the current CVS tree) is intended to add secure configuration to icecast 'out of the box'. It adds two configuration directives, 'icecast_user' and 'chroot_dir'. These are intended to be used together to reduce the privileges icecast runs under to the minimum necessary. When this is enabled and run as root icecast will enter the specified chroot

Did Red Hat release a stable (non-beta) and GPL version of Directory Server, or Fedora Directory Server is the only thing we have now? Can we have it on centosplus or extras? -- Vilela