carpman Advocate
Joined: 20 Jun 2002 Posts: 2202 Location: London - UK
|
Posted: Mon Dec 05, 2005 11:53 am Post subject: chroot apache + mysql + php |
|
|
Hello, OK, I want to secure a server I am building for the socketmail project. I don't need any MTA installed as socketmail has its own daemons for this. I have SATA SWR 1 already set up for /var/www and also have /var/lib/mysql on a separate SCSI SWR 1.
Now I have been doing some research on this, even found an ebuild that chroots apache, thing is still 100% clear on what is involved?
Now I understand that apache libs and some system apps need copying over to the chroot, but what about websites?
Does /var/www need to be in the chroot? If so, could the chroot use the SWR1 for chrooting apache, say mounting it as:
Code: |
/var/chroot/apache/www
|
Or can I have a separate chroot environment for chrooting services but mysql databases and website files stay in the same place?
chroot
Code: |
/chroot/apache
/chroot/mysql
|
data
Code: |
/var/lib/mysql
/var/www
|
many thanks _________________ Work Station - 64bit
Gigabyte GA X48-DQ6 Core2duo E8400
8GB GSkill DDR2-1066
SATA Areca 1210 Raid
BFG OC2 8800 GTS 640mb
--------------------------------
Notebook
Samsung Q45 7100 4gb |
hanj Veteran
Joined: 19 Aug 2003 Posts: 1500
|
Posted: Mon Dec 05, 2005 4:32 pm Post subject: |
|
|
Hello
Wanted to point out mod_security and its chroot handling.. in case you weren't aware of it.
I also wanted to let you know about strace and ldd. They were critical for me to work out the chroot problems.. and what apache needed that weren't in the jail.
Sorry if this is old news to you.
hanji |
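The ldd step mentioned in the post above, as an added example that is not part of the original thread: a sketch that parses `ldd` output and copies the listed libraries into a jail under the same paths. The function names and the jail path are hypothetical, and the binary is assumed to be given as an absolute path.

```shell
#!/bin/sh
# Added example: copy the shared libraries a binary needs into a chroot jail.
# Function names and paths are hypothetical, not from the thread.
# Only run ldd on binaries you trust: some ldd implementations execute the
# program interpreter of the target to resolve its dependencies.

# Read `ldd` output on stdin, print one absolute library path per line.
# Returns non-zero if any dependency is reported as "not found".
ldd_paths() {
    awk '
        /not found/              { print "missing: " $1 | "cat 1>&2"; bad = 1; next }
        $2 == "=>" && $3 ~ /^\// { print $3; next }   # name => /path (addr)
        $1 ~ /^\//               { print $1; next }   # dynamic loader line
        # other lines (linux-vdso, linux-gate) have no file on disk
        END { exit bad + 0 }
    '
}

# Read absolute paths on stdin and copy each to the same path below the jail.
# cp -L follows symlinks, so the jail holds a real file under the name the
# loader will look up (libc.so.6 rather than only its link target).
copy_into_jail() {
    jail=$1
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        mkdir -p "$jail$(dirname "$path")" &&
            cp -L -p "$path" "$jail$path" || return 1
    done
}

# populate_jail JAIL /absolute/path/to/binary
# Stops before copying anything if a dependency cannot be resolved.
populate_jail() {
    libs=$(ldd "$2" | ldd_paths) || return 1
    { printf '%s\n' "$2"; printf '%s\n' "$libs"; } | sort -u |
        copy_into_jail "$1"
}

# Example call: sh thisfile.sh /chroot/apache /usr/sbin/apache2
if [ "$#" -eq 2 ]; then
    populate_jail "$1" "$2"
fi
```

ldd only reports link-time dependencies; files opened at run time (modules loaded with dlopen, configuration, name-service files) are the part strace helps with, where they appear as failed open calls when the service runs inside the jail.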
carpman Advocate
Joined: 20 Jun 2002 Posts: 2202 Location: London - UK
|
Posted: Tue Dec 06, 2005 11:13 am Post subject: |
|
|
hanj wrote: | Hello
Wanted to point out mod_security and its chroot handling.. in case you weren't aware of it.
I also wanted to let you know about strace and ldd. They were critical for me to work out the chroot problems.. and what apache needed that weren't in the jail.
Sorry if this is old news to you.
hanji |
Thanks for that, though it still does not answer my question on whether a chrooted service such as apache and mysql must have user data in the chrooted environment? |