similar to: scp setup jailed chroot on Centos7

-----Original Message----- From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Rainer Duffner Sent: Samstag, 21. Oktober 2017 00:41 To: CentOS mailing list Subject: Re: [CentOS] scp setup jailed chroot on Centos7 > Am 20.10.2017 um 15:58 schrieb Adrian Jenzer <a.jenzer at herzogdemeuron.com>: > > Dear all > > I'm looking for instructions on how to setup a

-----"CentOS" <centos-bounces at centos.org> wrote: -----To: CentOS mailing list <centos at centos.org> From: Rainer Duffner Sent by: "CentOS" Date: 10/20/2017 08:00PM Subject: Re: [CentOS] scp setup jailed chroot on Centos7 > Am 20.10.2017 um 15:58 schrieb Adrian Jenzer <a.jenzer at herzogdemeuron.com>: > > Dear all > > I'm looking for

> Am 20.10.2017 um 15:58 schrieb Adrian Jenzer <a.jenzer at herzogdemeuron.com>: > > Dear all > > I'm looking for instructions on how to setup a jailed chroot directory for user which needs to upload via scp to the server. > Especially I miss clear instructions about what needs to be in the jailed directory available, like binaries, libraries, etc... > Without jail

[Sorry about "top posting": my OT question arises from the subject..] Could someone elaborate on the "jail" under CentOS. I'm used to FreeBSD jails, and as I run CentOS and some other Linuxes for quite some time I was under impression that there is no such thing as jail under Linux [at least those flavors I run]. Under Linux I did use in variety of places chrooted

Am 2017-10-24 12:19, schrieb Adrian Jenzer: > Hi Rainer > I would if I could but external offers only FTP and SCP... > > Regards Adrian AFAIK, for scp you need a proper shell. I've done that exactly once (chrooted ssh) and it was such a pain that I vowed to never do it again. The problem is that inside the chroot, you need: - nameresolution - a minimal

Maybe one of you can help. We have set up a CentOS server so that each user who logs in via sftp will be jailed in their home directory. Here's the relevant sshd_config: # override default of no subsystems Subsystem sftp internal-sftp -f LOCAL2 -l INFO Match Group sftponly ChrootDirectory /home/%u ForceCommand internal-sftp This actually works great, but none of

Hi all I just saw that I miss some log files in /var/log/httpd. There is a gap in January/February2016, no logs are available for this period. It seemed to work fine with the earlier logs as you can see. Has someone an explanation for this? It's a Centos 7.2 VM with Apache 2.4 running ownCloud only. Default logrotate config. -rw-r--r-- 1 root root 3367604 Apr 20 16:12 ssl_access_log

----- Oorspronkelijk bericht ----- Van: "Adrian Jenzer" <a.jenzer at herzogdemeuron.com> Aan: "CentOS mailing list" <centos at centos.org> Verzonden: Dinsdag 9 januari 2018 16:56:57 Onderwerp: Re: [CentOS] update to Centos7.4: Failed to open \EFI\BOOT\grubx64.efi - Not Found -----Original Message----- From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of

Hello All, updating from Centos7.3 to Centos7.4 rendered one of our laptops unbootable. EM: Failed to open \EFI\BOOT\grubx64.efi - Not Found Failed to load image \EFI\BOOT\grubx64.efi: Not Found start_image() returned Not Found How could this occur because of an update and how to fix this? What I tried is booting from centos usb, chroot to /mnt/sysimage and gave command: efibootmgr

I have a need to have users SSH into a server where they are limited to a chroot jail (sandbox). Once they are there, they need to be able to execute 'ssh' and 'scp' to other systems. I've no problem setting up the basic chroot jail and providing basic functionality (ls, cat, less, etc). The part that is stopping me is setting it up so that that user can then 'ssh'

This message was sent to bugtraq today: While playing around with FreeBSD 5.4 and jailing I discovered that it was possible to put an ethernet interface into promiscious mode from within the jailed environment, allowing a packetsniffer to gather data not meant for the jailed box. This also affects FreeBSD 5.3 (tested) but not FreeBSD 4.x This can be reproduced on boxes where BPF support is

Folks, I've been tasked to find a solution that will create file-transfer-only accounts that are jailed or chrooted to a specific directory. (Not an uncommon task, I think.) Using the OpenSSH server and the OpenSSH scp client program, I can achieve the goal of having a file transfer only account jailed to a specified directory, by using the "scpjail" script (attached) as a

Hello. I'm administrating a CentOS 3.8 linux system (RHEL3) and I just replaced the imap-2002d-12 package that came with the system, with a dovecot 1.01 package I obtained through the dovecot home page. The problem I have, is that many of my POP3 users have jailed user accounts set up through wu-ftpd, where the dir field is of the form /home/group/./pop/user, and wu-ftpd chroots them from

On 2/17/19 8:18 PM, Rowland Penny via samba wrote: > Possible things to check: > Is the ip for vlan1 10.1.2.34 ? Sure. It's the only IP vlan1 has inside the jail; it's shown as an alias on the base host. > Try just setting 'vlan1' You mean change "interfaces=vlan1 10.1.2.34/24" to just "interfaces=vlan1"? It doesn't change anything (still

Howdy! I'm not sure if this is actually an issue, feature or a bug, but I have found that inside a jail, the jailed root user is able to sniff traffic (and enable promiscuous mode) on at least the interface of the IP address the jail is attached to. I have not found any documentation explaining if this should occur or not, but I feel it is something that should at least be known to those

I'm going to apply the ssh patch. Applying it to the "real" server seems straightforward enough, but I'm wondering what the right procedure is to apply this patch to my jailed servers.

Hello all, I've taken a brief skim of the archives available on theaimsgroup and talked to some others regarding the ideas on chroot SSH/SFTP/SCP functionality. I've also investigated a few of the various patches out for chroot sftp|scp|ssh and am a bit of a loss at finding 'an elegant solution' to the problem. Bearing in mind the excellent starting ground of John Furman's

Hello. Has anyone here ever successfully set up a jail for X apps, connecting to an external X server? I'm trying an experimental sandbox setup here. I have a jail running on an aliased IP on my local machine and X programs connect out of the jail to my local X server via an SSH tunneled TCP connection. All other packets to and from the jail are denied by the packet filter. The trouble I am

Hi, i've set the outside ip for the jail..It works.. When i try to ssh to jail'ed system from the main system (in which is created jail) the connection is successful, but when i try to connect to jailed system from anywhere else i get this message: ssh: connect to host IP_NUMBER port 22: Operation timed out What can be wrong here? How to solve this problem?

I'm setting up a server where I plan to use Jails to improve security I also have installed and am configuring ipfilter. Here are my questions: Because I'm using Jails, I will have to have multiple ip aliases on the network interface. I will use ipfilter to specify what can go to each of the addresses. (e.g., allow only incoming to port 80 on the jail running apache). Another