[CHROOT] for secure computer

[bob1977]

Hi everybody,

I want to secure my gentoo by creating another linux system ( which can be gentoo) and chrooting into it. The last one would only go to the internet and couldn't access the other partitions.
Is it possible to do this. Is it secure and how to do?

If you have some links and even some explanation, I would be happy.

[ultraslacker]

chroot jails are used more often for certain daemons such as httpd and named. Creating a functional linux subsystem in a chroot means that the chroot is trivial to break out of. Not worth the effort, and your time is better spent hardening the linux system.

[bob1977]

What does-it mean that the chroot is broken? Is-it possible for someone who broke the chroot to go into original system or even modifying the filesystem if access to other partition is disabled via fstab, fdisk?
So, What can be done if the chroot is only created for accessing internet ( http, ftp, rsync.....)?

Thanks for you response.

[primero.gentoo]

chroot is not "security" and sometime can give you a false security feeling that make you leave open something else.

I always think that the only one security in a normal environment is about permission.
Take a very deep care about your permissions, think about ACL if your FS support and you need more granular protection.
I think that this is the most fast way to get your system more secure.

Then think about something deeper like LIDS and GrSecurity ... but you'll need time to spend

I'm not so experienced with these 2 solution , but i think that here in the forum you can find usefull information.

After that chroot can be a good security addiction.

Bye