similar to: bind-chroot rpm only builds chroot tree?

I've done something a while back that has messed with my named.conf and prevents me from restarting named service normally... My problem... # service named restart Stopping named: [FAILED] Starting named: named: already running [FAILED] nothing gets logged in /var/log/messages obviously, I can do this to restart it... [root at

On Thu, April 13, 2017 3:05 am, Nicolas Kovacs wrote: > Le 13/04/2017 ? 04:27, Robert Moskowitz a ?crit : >> But make sure to have SELinux enabled if you do not run it chrooted. >> >> I have mine running that way. > > I bluntly admit not using SELinux, because until now, I mainly used more > bone-headed systems that didn't implement it. Maybe this is the right

Installed using pkd_add or ports BIND-9.6.0-P1 working fine. 1.But seems can't run under chroot well: ---------------------------------------------------------- Jan 27 13:54:08 ns named[36447]: starting BIND 9.6.0-P1 -c named.conf -t /var/named -u bind Jan 27 13:54:08 ns named[36447]: built with '--localstatedir=/var' '--disable-linux-caps'

Hi list, here is what happened: today I noticed some resolution's problems on my network. I did a "service named status" and here was the output: # /etc/init.d/named status rndc: connection to remote host closed This may indicate that the remote server is using an older version of the command protocol, this host is not authorized to connect, or the key is invalid. In the

On 04/12/2017 06:18 PM, John R Pierce wrote: > On 4/12/2017 3:11 PM, Nicolas Kovacs wrote: >> On my public servers, I usually run BIND for DNS. I see CentOS offers a >> preconfigured (sort of) bind-chroot package. I wonder what's the >> effective benefit of this vs. a "normal" BIND setup without chroot. On >> my Slackware servers, I have a rather

I setup a ssh chroot jail following this[1] guide. It works for my user to login, use ls and use scp which is all I really want. I do have a problem I cannot solve: when connected and navigating the filesystem, the backspace key actually moves the cursor forward and does not delete what I type. I may have found a hint from some googling that readline will read in /etc/inputrc on login but if

Please post to the mailing list the next time Ralf. I'm not using yp directory listings, but I can guess why it is not working. You're probably missing the libcurl.so library in your chroot jail directories. Here's the listing of files I have in the chroot jail: -----%< cut here > ls -R .: admin etc lib opt usr var web ./admin: listclients.xsl listmounts.xsl

-----Original Message----- From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Rainer Duffner Sent: Samstag, 21. Oktober 2017 00:41 To: CentOS mailing list Subject: Re: [CentOS] scp setup jailed chroot on Centos7 > Am 20.10.2017 um 15:58 schrieb Adrian Jenzer <a.jenzer at herzogdemeuron.com>: > > Dear all > > I'm looking for instructions on how to setup a

I'm stuck on a problem with rsync... We've got a chrooted shell with rsync and all the needed libs inside (and not much else). We're using rsync over ssh to send the files into this chrooted session. The rsync binary in the chrooted session is SUID root so that it can create the files with the correct UID/GID. When the following is run, it creates all the files as root.staff, not

Hello, I've got strange problem with centos (as well as rhel btw) chrooted environment. First of all I created simple directory with only the libs for 'bash' and 'id' tools: ---- # chroot testcase/ bash-3.1# id uid=0 gid=0 groups=0,1,2,3,4,6,10 ---- Yes, I even do not have /etc/ directory inside testcase/ , but id shows groups from the _host_ root account. I tried to

[Sorry about "top posting": my OT question arises from the subject..] Could someone elaborate on the "jail" under CentOS. I'm used to FreeBSD jails, and as I run CentOS and some other Linuxes for quite some time I was under impression that there is no such thing as jail under Linux [at least those flavors I run]. Under Linux I did use in variety of places chrooted

https://bugzilla.mindrot.org/show_bug.cgi?id=3662 Bug ID: 3662 Summary: Make logging of chrooted sftp sessions possible internally routed to local file, without /dev/log device Product: Portable OpenSSH Version: 9.6p1 Hardware: amd64 OS: Linux Status: NEW Severity:

Hello - I am trying to set up a ssh chroot account on a Red Hat Enterprise Linux 5 server. I have my jail set up and have copied over a selection of commands and their libraries. I have also created a / dev and some devices. As part of that, I had to create a /dev/pts directory to handle the terminals. However, when I try to connect as the chrooted user, I get the following error:

-----BEGIN PGP SIGNED MESSAGE----- > Date: Fri, 2 May 1997 12:33:00 -0500 > From: "Thomas H. Ptacek" <tqbf@ENTERACT.COM> > On almost all Unix operating systems, having superuser access in a > chroot() jail is still dangerous. In some recent revisions of 4.4BSD > operating systems, root can trivially escape chroot(), as well. I was thinking about possible attacks

Hi all, I am running Debian Etch. I've compiled openssh-5.0p1 with pam support. I'd like to use a chrooted sftp environment for my users and also log their sftp file transfers. Currently file transfer logging stops working when I implement a jail. Logging from within the chroot seems like a useful feature. I hope it makes it in sooner rather than later. Here's the contents of my

Hi, I've been struggling with this problem for the last couple of hours and am nowhere near solving the problem. I am trying to run a tftp server in a chroot jail. Now perhaps I am being paranoid, but I would like to have it launched from within its own jail even if it supposedly does a chroot itself and runs with a parameterizable user. I downloaded the atftp-server package and tried

Hello, it has been a while since I had setup a DNS-Server with CentOS 6; these days I added a few zones needed for DDNS; this works but in /etc/ I found quite a strange file, I'm not sure if it was in use at the beginning I used this system as a DNS-Server, and after several 'yum update' not any more; /etc/named.root.key with this content managed-keys { # DNSKEY for the root zone. #

Hello, whereas most people take passwd/shadow/ldap/<whatever> as the place where decision on a chrooted environment / sandbox for certain users is met (just set the given usershell appropriateley), I needed a somewhat different approach. Below is a tiny patch to 2.2.0p1 which enhances the sshd-config by two options and, when set, places all users / users of a certain group immediately in

I am setting up bind this time around (just rebuilt my test machine via Kickstart) without chroot. I have a fair number of includes for named.conf; I have two views and other odds and ends. My thoughts are to make a directory; /etc/named.d to put all these includes into instead of 'dirtying' up /etc. This way the only files I replace/add to /etc are named.conf and rndc.key (I would

The sshd server has what I think is a serious flaw. There appears to be no way to turn off remote command execution. (someone please correct me if I am wrong). We have a server which uses a chroot jail, and rbash to severely limit what users can do on our system. The remote command bypasses all of that. ie. ssh user at host cat /etc/passwd will display the password file for the live system