This shows you the differences between two versions of the page.
команда_chroot [2020/06/22 15:26] val [Debian/Ubuntu] |
команда_chroot [2024/04/26 09:46] val [Debian/Ubuntu] |
||
---|---|---|---|
Line 19: | Line 19: | ||
# man file | # man file | ||
- | # mkdir /var/www/bin | ||
- | # mkdir /var/www/usr/ | ||
- | # mkdir /var/www/usr/bin | ||
- | # mkdir -p /var/www/usr/share/misc | + | # cat makechroot.sh |
+ | </code><code> | ||
+ | mkdir /var/www/bin | ||
+ | mkdir /var/www/usr/ | ||
+ | mkdir /var/www/usr/bin | ||
- | # cp /bin/bash /var/www/bin/ | + | mkdir -p /var/www/usr/share/misc |
- | # cp /bin/cat /var/www/bin/ | + | |
- | # cp /usr/bin/file /var/www/usr/bin/ | + | |
- | # cp /usr/share/misc/magic.mgc /var/www/usr/share/misc/ | + | cp /bin/bash /var/www/bin/ |
+ | cp /bin/cat /var/www/bin/ | ||
+ | cp /usr/bin/file /var/www/usr/bin/ | ||
+ | cp /usr/bin/date /var/www/usr/bin/ | ||
- | # # For i386 Debian/Ubuntu | + | cp /usr/share/misc/magic.mgc /var/www/usr/share/misc/ |
- | # mkdir /var/www/lib | + | mkdir /var/www/lib/ |
- | # mkdir /var/www/i386-linux-gnu/ | + | mkdir /var/www/lib64 |
- | # mkdir /var/www/lib/i386-linux-gnu/ | + | mkdir /var/www/lib/x86_64-linux-gnu/ |
- | # mkdir /var/www/usr/lib | + | mkdir -p /var/www/usr/lib/x86_64-linux-gnu/ |
- | # cp /lib/ld-linux.so.2 /var/www/lib/ | + | cp /lib64/ld-linux-x86-64.so.* /var/www/lib64/ |
- | # cp /lib/i386-linux-gnu/libtinfo.so.5 /var/www/lib/i386-linux-gnu/ | + | cp /lib/x86_64-linux-gnu/libtinfo.so.* /var/www/lib/x86_64-linux-gnu/ |
- | # cp /lib/i386-linux-gnu/libdl.so.2 /var/www/lib/i386-linux-gnu/ | + | cp /lib/x86_64-linux-gnu/libdl.so.* /var/www/lib/x86_64-linux-gnu/ |
- | # cp /lib/i386-linux-gnu/libc.so.6 /var/www/lib/i386-linux-gnu/ | + | cp /lib/x86_64-linux-gnu/libc.so.* /var/www/lib/x86_64-linux-gnu/ |
- | # cp /lib/i386-linux-gnu/libz.so.1 /var/www/lib/i386-linux-gnu/ | + | cp /lib/x86_64-linux-gnu/libz.so.* /var/www/lib/x86_64-linux-gnu/ |
- | # cp /usr/lib/i386-linux-gnu/libmagic.so.1 /var/www/usr/lib/ | + | #debian11_12 cp /lib/x86_64-linux-gnu/libbz2.so.* /var/www/lib/x86_64-linux-gnu/ |
+ | #debian12 cp /lib/x86_64-linux-gnu/liblz* /var/www/lib/x86_64-linux-gnu/ | ||
+ | cp /usr/lib/x86_64-linux-gnu/libmagic.so.* /var/www/usr/lib/x86_64-linux-gnu/ | ||
+ | </code><code> | ||
+ | # sh makechroot.sh | ||
+ | </code> | ||
- | # # For x86_64 Debian/Ubuntu | + | === Создание окружения через debootstrap === |
- | # mkdir /var/www/lib/ | + | * [[https://wiki.debian.org/ru/Debootstrap]] |
- | # mkdir /var/www/lib64 | + | |
- | # mkdir /var/www/lib/x86_64-linux-gnu/ | + | |
- | # mkdir -p /var/www/usr/lib/x86_64-linux-gnu/ | + | |
- | # cp /lib64/ld-linux-x86-64.so.2 /var/www/lib64/ | ||
- | # cp /lib/x86_64-linux-gnu/libtinfo.so.5 /var/www/lib/x86_64-linux-gnu/ | ||
- | # cp /lib/x86_64-linux-gnu/libdl.so.2 /var/www/lib/x86_64-linux-gnu/ | ||
- | # cp /lib/x86_64-linux-gnu/libc.so.6 /var/www/lib/x86_64-linux-gnu/ | ||
- | # cp /lib/x86_64-linux-gnu/libz.so.1 /var/www/lib/x86_64-linux-gnu/ | ||
- | # cp /usr/lib/x86_64-linux-gnu/libmagic.so.1 /var/www/usr/lib/x86_64-linux-gnu/ | ||
- | |||
- | |||
- | # # For x86_64 Gentoo | ||
- | |||
- | # mkdir /var/www/lib/ | ||
- | # mkdir /var/www/lib64 | ||
- | # mkdir -p /var/www/usr/lib64/ | ||
- | |||
- | # cp /lib64/libreadline.so.6 /var/www/lib64/ | ||
- | # cp /lib64/libncurses.so.6 /var/www/lib64/ | ||
- | # cp /lib64/libc.so.6 /var/www/lib64/ | ||
- | # cp /lib64/ld-linux-x86-64.so.2 /var/www/lib64/ | ||
- | # cp /usr/lib64/libmagic.so.1 /var/www/usr/lib64/ | ||
- | </code> | ||
- | |||
- | === Создание окружения через debootstrap === | ||
<code> | <code> | ||
- | root@server:~# apt install debootstrap | + | debian# apt install debootstrap |
- | ubuntu16# debootstrap --variant=minbase --arch amd64 xenial /var/www/ | + | debian# lsb_release -a |
- | debian9# debootstrap --variant=minbase --arch i386 stretch /var/www/ | + | debian# debootstrap --variant=minbase --arch amd64 buster /var/www/ |
- | debian9# debootstrap --variant=minbase --arch amd64 stretch /var/www/ | + | |
</code> | </code> | ||
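Review bot: the new makechroot.sh uses plain `mkdir` for /var/www/bin, /var/www/usr/, /var/www/usr/bin, /var/www/lib/, /var/www/lib64 and /var/www/lib/x86_64-linux-gnu/ and never stops on error, so a second run reports existing directories and a failed `cp` goes unnoticed, leaving a chroot that is missing a library. Suggest `set -e` at the top and `mkdir -p` throughout. The `#debian11_12` and `#debian12` lines are comments, so as written libbz2 and `liblz*` are never copied; say in the text that the reader has to uncomment the line for their release, and narrow `liblz*` to the exact library name, as the other lines do with `.so.*`. In the debootstrap block the suite `buster` is hard-coded right after `lsb_release -a`; passing the codename from `lsb_release -cs` would keep the suite in step with the host.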
Line 87: | Line 68: | ||
* [[http://www.serverschool.com/dedicated-servers/how-to-build-a-chroot-environment-in-centos/|How to Build a Chroot Environment in CentOS]] | * [[http://www.serverschool.com/dedicated-servers/how-to-build-a-chroot-environment-in-centos/|How to Build a Chroot Environment in CentOS]] | ||
- | ==== FreeBSD ==== | ||
- | |||
- | === Создание окружения "в ручную" === | ||
- | <code> | ||
- | # ldd /bin/sh | ||
- | # ldd /bin/cat | ||
- | # ldd /usr/bin/file | ||
- | |||
- | # man file | ||
- | |||
- | # mkdir /var/www/bin | ||
- | # mkdir /var/www/lib/ | ||
- | |||
- | # mkdir /var/www/usr | ||
- | # mkdir /var/www/usr/bin | ||
- | # mkdir /var/www/usr/lib | ||
- | # mkdir /var/www/libexec/ | ||
- | # mkdir -p /var/www/usr/share/misc | ||
- | |||
- | # cp /bin/sh /var/www/bin/ | ||
- | # cp /bin/cat /var/www/bin/ | ||
- | # cp /usr/bin/file /var/www/usr/bin/ | ||
- | |||
- | # cp /usr/share/misc/magic.mgc /var/www/usr/share/misc/ | ||
- | |||
- | # cp /lib/libedit.so.7 /var/www/lib/ | ||
- | # cp /lib/libncurses.so.8 /var/www/lib/ | ||
- | # cp /lib/libz.so.* /var/www/lib/ | ||
- | # cp /lib/libc.so.7 /var/www/lib/ | ||
- | # cp /usr/lib/libmagic.so.4 /var/www/usr/lib/ | ||
- | # cp /libexec/ld-elf.so.1 /var/www/libexec/ | ||
- | </code> | ||
- | |||
- | === Создание окружения через make buildworld === | ||
- | |||
- | [[Технология jail#Создание "мира"]] | ||
==== Тестирование ==== | ==== Тестирование ==== | ||
<code> | <code> | ||
- | debian# chroot /var/www/ /bin/bash | + | # chroot /var/www/ /bin/bash |
или | или | ||
- | freebsd# chroot /var/www/ /bin/sh | + | # unshare -R /var/www /bin/bash |
# echo * | # echo * | ||
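Review bot: in the Тестирование block, `unshare -R /var/www /bin/bash` is offered after "или" with no word on how it differs from the `chroot` line above it. With only -R and no namespace options it sets the root directory and nothing more, so the reader gains nothing from the alternative. Either add a one-line comment saying the two are equivalent here, or show it with the options that justify listing it, for example `--pid --fork`. Also, dropping the `debian#` prefix leaves the host prompt identical to the prompt used for `# echo *`, so it is no longer visible which commands are typed inside the chroot; keep a distinct prompt for the host side.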
Line 139: | Line 84: | ||
</code> | </code> | ||
- | ==== Тестирование изоляции процессов ==== | ||
- | <code> | ||
- | debian# mkdir /var/www/proc | ||
- | debian# mount --bind /proc /var/www/proc | ||
- | |||
- | debian# chroot /var/www/ /bin/bash | ||
- | |||
- | # echo /proc/* | ||
- | |||
- | # apt install procps | ||
- | |||
- | # ps ax | ||
- | </code> | ||
===== shell inetd web сервер в chroot ===== | ===== shell inetd web сервер в chroot ===== | ||
* [[Сервис INETD]] | * [[Сервис INETD]] | ||
- | ==== Debian/Ubuntu/FreeBSD ==== | + | ==== Debian/Ubuntu==== |
<code> | <code> | ||
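Review bot: the deleted "Тестирование изоляции процессов" block (bind mount of /proc into /var/www, then `ps ax` from inside the chroot) was the place where the reader could see what a chrooted shell can observe of the host's processes, and nothing in this hunk replaces it. If it was dropped only because of the `debian#` prompts or the `apt install procps` step, consider keeping a trimmed version instead. Style: the renamed heading `==== Debian/Ubuntu====` is missing the space before the closing `====` that the other headings on the page have.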
Line 168: | Line 100: | ||
... | ... | ||
base=/ | base=/ | ||
+ | log=/webd.log | ||
... | ... | ||
</code> | </code> | ||
+ | ===== Поиск всех процессов в chroot ===== | ||
- | ==== FreeBSD ==== | + | * [[https://support.cpanel.net/hc/en-us/articles/1500012454701-How-To-Find-The-List-Of-All-The-Chroot-ed-Processes-On-The-System|How To Find The List Of All The Chroot-ed Processes On The System?]] |
<code> | <code> | ||
- | # cat /etc/inetd.conf | + | for file in `find /proc/ -type l -name "root" -print 2> /dev/null | grep -Eiv /task/ 2> /dev/null`; do PID=`ls -d $file 2> /dev/null| awk -F "/" '{print $3}'` && printf "%s = %s = %s\n" "$PID" `ps -p "$PID" 2> /dev/null | tail -n1 | awk '{print $4}'` `readlink $file 2> /dev/null` | grep -Eiv "(= /$|^\s*=\s*$|^.*?=\s*$)";done |
- | </code><code> | + | |
- | ... | + | |
- | #http stream tcp nowait root /usr/local/sbin/webd webd | + | |
- | http stream tcp nowait root /usr/sbin/chroot chroot /var/www/ /sbin/webd | + | |
- | </code><code> | + | |
- | # service inetd restart | + | |
</code> | </code> | ||
+ |
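Review bot: the added `log=/webd.log` sits directly under `base=/`, so the log is written at the top of the same tree that `base` names; if `base` is the directory webd serves, the log itself becomes downloadable. Suggest a path outside the served tree, or a note explaining why this is acceptable here. On the new "Поиск всех процессов в chroot" one-liner: `$file` and the backtick substitutions passed to `printf` are unquoted, so an empty `ps` result shifts the arguments and the trailing `grep -Eiv` is needed only to clean that up; the `.*?` in that pattern is not a non-greedy match in ERE. A loop over /proc/[0-9]*/root with a quoted `readlink` and a comparison against `/` would be shorter and easier to check. The text should also say the command has to run as root to read other users' /proc/PID/root links.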