Displaying 20 results from an estimated 7000 matches similar to: "Placing Icecast in a chroot jail"
2004 Aug 06
2
Placing Icecast in a chroot jail
On Thu, 2002-12-19 at 01:30, msmith@labyrinth.net.au wrote:
> Alan Silvester <mascdman@shaw.ca> said:
>
> > Hi,
> >
> > (Sorry for the long email)
> >
> > As a bit of a learning exercise, I'm trying to place the icecast daemon
> > in a chroot jail. I've been mostly sucessful: I can get icecast to
> > serve the default stream from
2008 Jan 13
1
Can TFTPD run in a chroot jail?
Hi,
I've been struggling with this problem for the last couple of hours and am
nowhere near solving the problem. I am trying to run a tftp server in a
chroot jail. Now perhaps I am being paranoid, but I would like to have it
launched from within its own jail even if it supposedly does a chroot itself
and runs with a parameterizable user.
I downloaded the atftp-server package and tried
2016 Apr 20
2
Backspace key does not work in a ssh chroot jail
I setup a ssh chroot jail following this[1] guide. It works for my user to login, use ls and use scp which is all I really want. I do have a problem I cannot solve: when connected and navigating the filesystem, the backspace key actually moves the cursor forward and does not delete what I type.
I may have found a hint from some googling that readline will read in /etc/inputrc on login but if
2004 Sep 07
6
shorewall in chroot jail
Hello,
I would like to run other services like messaging services on my
firewall machine too.
Does it make sense to run shorewall, openvpn and the pppoe package in a
chroot jail? And is it possible to run these programs as an other user?
Ciao
Hugo
2008 Jan 14
1
What libs req'd to resolve DNS within a chroot jail?
Hi,
I've been working at getting a tftp server up an running in a chroot jail,
and I have finally succeed getting almost everything working. The server
itself works fine, however, it is implemented as a tcpwrapper application
(ie: in.tftpd) and I am having trouble getting it to resolve DNS names. I
copied my /etc/hosts.allow and /etc/hosts.deny in my chroot/etc folder,
however, they
2006 Oct 18
1
Using CHROOT jail in SFTP
Good afternoon,
I have been using OpenSSH 3.8p1 and added code to sftp-server.c so I could put users in chroot jail. When I setup a new system and downloaded OpenSSH 4.4p1 and tried the same patch it fails with the following in the /var/log/messages file:
sftp-server[11001]: fatal: Couldn't chroot to user directory /home/newyork/ftpbcc: Operation not permitted
I was wondering why one would
2017 Oct 24
1
[OT]: scp setup jailed chroot on Centos7
[Sorry about "top posting": my OT question arises from the subject..]
Could someone elaborate on the "jail" under CentOS. I'm used to FreeBSD
jails, and as I run CentOS and some other Linuxes for quite some time I
was under impression that there is no such thing as jail under Linux [at
least those flavors I run]. Under Linux I did use in variety of places
chrooted
2013 Feb 12
2
problem stoping jails with jail(8), jail.conf and mount.fstab
Hello,
on 9.1-R, I highly appreciate the new jail(8) and jail.conf
capabilities. Thanks for that extension!
But I have one problem: If I want to stop a jail with 'jaill -r
jailname', I get "umount: unmount of /.jail.jailname failed: Device busy"
It seems to me that the order of fstab.jailname entries are not reverted
by jail(8) when shutting down/umounting.
My C skills
2006 Dec 19
3
/etc/rc.d/jail: losing IPs if jail_x_interface set and syntax error in jails /etc/rc?
Hi *,
I recently triggered an error when setting up a jail-host: I configured
the jail(s) like evry jail I set up in the past:
On the jail-hosts /etc/rc.conf:
# ---- Jail-Globals ----
jail_enable="YES" # Set to NO to disable starting of any jails
jail_list="ftp mx1 relay" # Space separated list of names of jails
2003 Sep 10
2
jail + postgresql + System V IPC
HI everyone,
I have resently installed a jail environment on my freebsd box, and had some
problems getting postgresql running under it.
After looking a bit on various mailinglists i figured out that I needed to
set jail.sysvipc_allowed to be 1 using sysctl in order to make postgresql
run.
However man jail gives me:
jail.sysvipc_allowed
This MIB entry determines whether or not
2001 Apr 09
0
Running 'ssh' and 'scp' from a chroot jail (sandbox)
I have a need to have users SSH into a server where they are limited to a
chroot jail (sandbox). Once they are there, they need to be able to execute
'ssh' and 'scp' to other systems.
I've no problem setting up the basic chroot jail and providing basic
functionality (ls, cat, less, etc). The part that is stopping me is setting
it up so that that user can then 'ssh'
2014 Jan 01
0
Soft chroot jail for sftp-server
Hi everyone
I would like to enable unprivileged users to share only certain
directories using SFTP without acquiring root, without setting
capabilities using public-key-based forced commands.
In another use case unprivileged users could write scripts that
evaluate "$SSH_ORIGINAL_COMMAND" and then either execute sftp-server
in a jail "$SSH_ORIGINAL_COMMAND" after
2005 Aug 26
1
Filtering jail IP traffic
Hi,
IP traffic from one jail to another jail, arrives on destination jail on
lo0 having the destination jails IP as source IP. Why not the source
jail's IP address?
How can I filter traffic from one jail to another, using ipfw of ipf?
Cheers,
--
Anders.
2005 Jun 27
1
running jail with alternate IP
I am currently setting up a firewall that translates my internal network
over to 5 public IP addresses. The addresses are dynamically assigned, so I
use ddclient to update my www.dyndns.org account. I've set up several
aliases on the external interface of the firewall, and succeeded in having
the internal computers use those extra public IPs.
What I want to do is have 5 copies of ddclient
2009 Jan 08
2
Problems with network in jail
Hi all,
Is it mandatory to add device mem to jails to enable network via the gateway?
Left ezjail with FreeBSD-6.3 (and a hardware replacement of my server)
and am now starting again with FreeBSD-7.1.
Early this week, I upgraded from 7.0 to 7.1 (not having 'used' jails
on 7.0). After creating the jail with
`ezjail-admin update -i`
I created a 'ports build' jail
`ezjail-admin
2017 Oct 20
4
scp setup jailed chroot on Centos7
Dear all
I'm looking for instructions on how to setup a jailed chroot directory for user which needs to upload via scp to the server.
Especially I miss clear instructions about what needs to be in the jailed directory available, like binaries, libraries, etc...
Without jail I get it to work, but I want to prevent user downloading for example /etc folder from the server.
Does anybody have a
1997 May 08
0
Re: root in a chroot jail (was: Buffer Overflows: A Summary)
Martin Pool wrote:
>
> > From: Stefan Monnier <monnier+/news/lists/linux/security@TEQUILA.SYSTEMSZ.CS.YALE.EDU>
> > Date: 05 May 1997 12:23:05 -0400
>
> > [mod: Yes. One "catchall" would be to modify "suser()" to return
> > (uid==0) && (current->root == THE_ROOT). That would make a uid==0 in a
> > chrooted environment just
2008 Feb 24
2
A simple rc.d jail patch to enable priority
Hello,
I have written this tiny little patch to the jail rc.d script, which
allows user to set jail nice value. It doesn't change any default
behaviour.
Can that make it to the trees?
Patch attached.
--
Jan Srzednicki :: http://wrzask.pl/
"Remember, remember, the fifth of November"
-- V for Vendetta
-------------- next part
2008 Feb 24
2
A simple rc.d jail patch to enable priority
Hello,
I have written this tiny little patch to the jail rc.d script, which
allows user to set jail nice value. It doesn't change any default
behaviour.
Can that make it to the trees?
Patch attached.
--
Jan Srzednicki :: http://wrzask.pl/
"Remember, remember, the fifth of November"
-- V for Vendetta
-------------- next part
2005 Jul 03
2
bind() on 127.0.0.1 in jail: bound to the outside address?
Dear folks,
It seems that doing bind() inside a jail (whose IP address is an outside
address), will result in some wierd behavior, that the actual bind is
done on the outside address.
For example, binding to 127.0.0.1:6666 inside a jail addressed 192.168.1.1,
will finally result in a bind to 192.168.1.1:6666. With this in mind,
it is possible that some formerly secure configuration fail in jail