This shows you the differences between two versions of the page.
|
команда_chroot [2020/07/16 15:04] val |
команда_chroot [2024/05/14 15:09] (current) val |
||
|---|---|---|---|
| Line 31: | Line 31: | ||
| cp /bin/cat /var/www/bin/ | cp /bin/cat /var/www/bin/ | ||
| cp /usr/bin/file /var/www/usr/bin/ | cp /usr/bin/file /var/www/usr/bin/ | ||
| + | cp /usr/bin/date /var/www/usr/bin/ | ||
| cp /usr/share/misc/magic.mgc /var/www/usr/share/misc/ | cp /usr/share/misc/magic.mgc /var/www/usr/share/misc/ | ||
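Review bot: the added `cp /usr/bin/date /var/www/usr/bin/` copies only the binary, and nothing in this hunk adds timezone data, so unless the script copies `/etc/localtime` elsewhere, `date` inside the chroot will report UTC rather than the host's local time. If the timestamps are meant to line up with host logs, copy `/etc/localtime` into `/var/www/etc/` next to this line (creating the directory if the script does not already), and confirm with `ldd /usr/bin/date` that the libraries copied further down cover the new binary.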
| Line 44: | Line 45: | ||
| cp /lib/x86_64-linux-gnu/libc.so.* /var/www/lib/x86_64-linux-gnu/ | cp /lib/x86_64-linux-gnu/libc.so.* /var/www/lib/x86_64-linux-gnu/ | ||
| cp /lib/x86_64-linux-gnu/libz.so.* /var/www/lib/x86_64-linux-gnu/ | cp /lib/x86_64-linux-gnu/libz.so.* /var/www/lib/x86_64-linux-gnu/ | ||
| + | #debian11_12 cp /lib/x86_64-linux-gnu/libbz2.so.* /var/www/lib/x86_64-linux-gnu/ | ||
| + | #debian12/ubuntu24 cp /lib/x86_64-linux-gnu/liblz* /var/www/lib/x86_64-linux-gnu/ | ||
| cp /usr/lib/x86_64-linux-gnu/libmagic.so.* /var/www/usr/lib/x86_64-linux-gnu/ | cp /usr/lib/x86_64-linux-gnu/libmagic.so.* /var/www/usr/lib/x86_64-linux-gnu/ | ||
| + | </code><code> | ||
| + | # sh makechroot.sh | ||
| </code> | </code> | ||
| === Создание окружения через debootstrap === | === Создание окружения через debootstrap === | ||
| + | |||
| + | * [[https://wiki.debian.org/ru/Debootstrap]] | ||
| + | |||
| <code> | <code> | ||
| - | root@server:~# apt install debootstrap | + | debian# apt install debootstrap |
| - | debian# cat lsb_release -a | + | debian# lsb_release -a |
| debian# debootstrap --variant=minbase --arch amd64 buster /var/www/ | debian# debootstrap --variant=minbase --arch amd64 buster /var/www/ | ||
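Review bot: the two added library lines start with `#debian11_12` and `#debian12/ubuntu24`, so if they are part of the `makechroot.sh` body run by the new `# sh makechroot.sh` line, they are shell comments and neither libbz2 nor `liblz*` is ever copied; `file` in the chroot will then fail to start on the releases where libmagic needs them. Say explicitly that the reader has to uncomment the line for their release, or replace the per-release lines with a copy of whatever `ldd /usr/bin/file` reports. Separately, the unchanged `debootstrap ... buster /var/www/` line still names Debian 10 while the added comments target Debian 11/12 and Ubuntu 24; the suite should be the codename that the corrected `lsb_release -a` line prints.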
| Line 60: | Line 68: | ||
| * [[http://www.serverschool.com/dedicated-servers/how-to-build-a-chroot-environment-in-centos/|How to Build a Chroot Environment in CentOS]] | * [[http://www.serverschool.com/dedicated-servers/how-to-build-a-chroot-environment-in-centos/|How to Build a Chroot Environment in CentOS]] | ||
| - | ==== FreeBSD ==== | ||
| - | |||
| - | === Создание окружения "в ручную" === | ||
| - | <code> | ||
| - | # ldd /bin/sh | ||
| - | # ldd /bin/cat | ||
| - | # ldd /usr/bin/file | ||
| - | |||
| - | # man file | ||
| - | |||
| - | # mkdir /var/www/bin | ||
| - | # mkdir /var/www/lib/ | ||
| - | |||
| - | # mkdir /var/www/usr | ||
| - | # mkdir /var/www/usr/bin | ||
| - | # mkdir /var/www/usr/lib | ||
| - | # mkdir /var/www/libexec/ | ||
| - | # mkdir -p /var/www/usr/share/misc | ||
| - | |||
| - | # cp /bin/sh /var/www/bin/ | ||
| - | # cp /bin/cat /var/www/bin/ | ||
| - | # cp /usr/bin/file /var/www/usr/bin/ | ||
| - | |||
| - | # cp /usr/share/misc/magic.mgc /var/www/usr/share/misc/ | ||
| - | |||
| - | # cp /lib/libedit.so.7 /var/www/lib/ | ||
| - | # cp /lib/libncurses.so.8 /var/www/lib/ | ||
| - | # cp /lib/libz.so.* /var/www/lib/ | ||
| - | # cp /lib/libc.so.7 /var/www/lib/ | ||
| - | # cp /usr/lib/libmagic.so.4 /var/www/usr/lib/ | ||
| - | # cp /libexec/ld-elf.so.1 /var/www/libexec/ | ||
| - | </code> | ||
| - | |||
| - | === Создание окружения через make buildworld === | ||
| - | |||
| - | [[Технология jail#Создание "мира"]] | ||
| ==== Тестирование ==== | ==== Тестирование ==== | ||
| <code> | <code> | ||
| - | debian# chroot /var/www/ /bin/bash | + | # chroot /var/www/ /bin/bash |
| или | или | ||
| - | freebsd# chroot /var/www/ /bin/sh | + | # unshare -R /var/www /bin/bash |
| # echo * | # echo * | ||
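Review bot: the new `# unshare -R /var/www /bin/bash` line is offered under "или" as an alternative to `chroot`, but with only `-R` and no namespace options unshare changes the root directory and nothing else, so it adds no isolation over the `chroot /var/www/ /bin/bash` line above it. A reader can easily assume otherwise from the command name; either state that the two are equivalent here or show the namespace options (for example `--mount --pid --fork`) that would make a difference. The removed FreeBSD block also carried the `ldd /bin/sh`, `ldd /bin/cat` and `ldd /usr/bin/file` steps; if the Debian section does not show the same step, the library list there is left unexplained.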
| Line 112: | Line 84: | ||
| </code> | </code> | ||
| - | ==== Тестирование изоляции процессов ==== | ||
| - | <code> | ||
| - | debian# mkdir /var/www/proc | ||
| - | debian# mount --bind /proc /var/www/proc | ||
| - | |||
| - | debian# chroot /var/www/ /bin/bash | ||
| - | |||
| - | # echo /proc/* | ||
| - | |||
| - | # apt install procps | ||
| - | |||
| - | # ps ax | ||
| - | </code> | ||
| ===== shell inetd web сервер в chroot ===== | ===== shell inetd web сервер в chroot ===== | ||
| * [[Сервис INETD]] | * [[Сервис INETD]] | ||
| - | ==== Debian/Ubuntu/FreeBSD ==== | + | ==== Debian/Ubuntu==== |
| <code> | <code> | ||
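Review bot: removing the "Тестирование изоляции процессов" block takes out the only visible demonstration that chroot does not isolate processes: with `/proc` bind-mounted into `/var/www/proc`, `ps ax` inside the chroot lists the host's processes. Every line of the removed block is a `debian#` command, so nothing in it was FreeBSD-specific; consider keeping it, or replacing it with a sentence stating that the chroot shares the host's process table. Minor: the new heading `==== Debian/Ubuntu====` lacks the space before the closing `====` that the other headings use.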
| Line 141: | Line 100: | ||
| ... | ... | ||
| base=/ | base=/ | ||
| + | log=/webd.log | ||
| ... | ... | ||
| </code> | </code> | ||
| + | ===== Поиск всех процессов в chroot ===== | ||
| - | ==== FreeBSD ==== | + | * [[https://support.cpanel.net/hc/en-us/articles/1500012454701-How-To-Find-The-List-Of-All-The-Chroot-ed-Processes-On-The-System|How To Find The List Of All The Chroot-ed Processes On The System?]] |
| <code> | <code> | ||
| - | # cat /etc/inetd.conf | + | for file in `find /proc/ -type l -name "root" -print 2> /dev/null | grep -Eiv /task/ 2> /dev/null`; do PID=`ls -d $file 2> /dev/null| awk -F "/" '{print $3}'` && printf "%s = %s = %s\n" "$PID" `ps -p "$PID" 2> /dev/null | tail -n1 | awk '{print $4}'` `readlink $file 2> /dev/null` | grep -Eiv "(= /$|^\s*=\s*$|^.*?=\s*$)";done |
| - | </code><code> | + | |
| - | ... | + | |
| - | #http stream tcp nowait root /usr/local/sbin/webd webd | + | |
| - | http stream tcp nowait root /usr/sbin/chroot chroot /var/www/ /sbin/webd | + | |
| - | </code><code> | + | |
| - | # service inetd restart | + | |
| </code> | </code> | ||
| + | |||
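Review bot: the added `log=/webd.log` sits next to `base=/`, so if `base` is the directory webd serves, the log file lies inside the served tree and any client can request `/webd.log` and read other clients' requests. Put the log in a directory outside `base` (or point `base` at a subdirectory) and make it writable only by the account webd runs as. In the new process-search one-liner, the backtick substitutions passed to `printf` are unquoted, so an empty `ps` result shifts the `readlink` value into the wrong column; quoted `$( )` substitutions would keep the three fields aligned, and the text should note that it has to run as root for `readlink` to resolve every `/proc/PID/root`.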