KWhat l33t
Joined: 04 Sep 2005 Posts: 660 Location: Los Angeles
Posted: Tue Apr 17, 2007 11:13 pm Post subject: apache and chrooting to vhost [Solved]

Is there a way to chroot Apache to a vhost? I don't want each of my vhosts going out and being able to talk to each other via the file system and PHP hacks.
Ideas?
Last edited by KWhat on Fri May 11, 2007 8:27 pm; edited 1 time in total

steveb Advocate
Joined: 18 Sep 2002 Posts: 4564
KWhat l33t
Joined: 04 Sep 2005 Posts: 660 Location: Los Angeles
Posted: Thu Apr 19, 2007 2:26 am Post subject:

It's quite a lengthy process; I finally finished this marathon 3-day install this afternoon using peruser. The documentation for peruser really sucks, but I managed to get it running. I will post the instructions tomorrow if anyone else happens to stumble upon this thread.

meyerm Veteran
Joined: 27 Jun 2002 Posts: 1311 Location: Munich / Germany
Posted: Sat Apr 28, 2007 8:01 pm Post subject:

What are your experiences with peruser? Is it stable? And performing well enough under high load? Thanks

KWhat l33t
Joined: 04 Sep 2005 Posts: 660 Location: Los Angeles
Posted: Sat Apr 28, 2007 8:07 pm Post subject:

It's very touchy. It seems to be working on a development server I tested on, but under high load I don't know. I am working with our sysadmin to get it on another box and then make it live, so we will see how fast/stable it is in a production environment within a few weeks.

meyerm Veteran
Joined: 27 Jun 2002 Posts: 1311 Location: Munich / Germany
Posted: Sun Apr 29, 2007 3:21 pm Post subject:

OK, great to hear. Thanks for answering. I'm very eager to separate the Apache processes because I've got at least one piece of PHP software which I don't trust (concerning bugs, of course). For now I will give suhosin a try.
May I ask why you chose peruser and not one of the other available MPMs (itk & co)?

|
KWhat l33t
Joined: 04 Sep 2005 Posts: 660 Location: Los Angeles
Posted: Mon Apr 30, 2007 8:09 am Post subject:

We have a very large website with quite a few subsections on it. The problem is that the people writing the PHP for this site aren't very good at writing code, and as a result the site got hacked. The easiest way to secure the site would be to break it out into sections that are vhosted, and the easiest way to prevent scripts from one compromised section accessing and modifying other pages would be to have Apache run as a different user and group per vhost. A lot of the other hack prevention scripts limit some web applications and also don't pick up everything... I would rather be safe than sorry.
I will keep this thread posted as soon as we get the other systems up and running.

|
KWhat l33t
Joined: 04 Sep 2005 Posts: 660 Location: Los Angeles
Posted: Thu May 03, 2007 3:45 pm Post subject:

Update****
OK, I have been running peruser on a test box for a while now and it seems to crash periodically. For some reason the Apache process just dies. I have been unable to find any logs that tell me why it does, but it just seems to drop out and die without any log entry as to why or what happened. I will keep an eye on it and see if I can figure out what's going on, but right now it seems like if I want to run peruser in a production env I will have to monitor port 80 and restart the service when it drops out automatically.
If anyone is interested, I used the setup as outlined in this post: https://forums.gentoo.org/viewtopic-t-553899-highlight-peruser.html?sid=ecf70e00e66ade0cab9fce1504075d56

KWhat l33t
Joined: 04 Sep 2005 Posts: 660 Location: Los Angeles