On Thu, Nov 14, 2002 at 12:13:03PM +0100, Kosa Attila wrote:
On Wed, Nov 13, 2002 at 11:59:44AM +0100, Balazs Scheidler wrote:
On Wed, Nov 13, 2002 at 11:40:59AM +0100, Narancs wrote:
- What do you use to jail ntpd, and how? Is there a write-up of this anywhere?
We use restrict; this is the gist:
export RESTRICT_UID=nobody
export RESTRICT_GID=nogroup
#export RESTRICT_GROUPS=
#export RESTRICT_VERBOSE=1
export RESTRICT_CAPS=cap_sys_time,cap_net_bind_service,cap_sys_nice,cap_ipc_lock=pe
export RESTRICT_CHROOT=/var/chroot/ntp/
export RESTRICT_FAKEUID=0
LD_PRELOAD=/usr/lib/librestrict.so /usr/sbin/ntpd
Inside the jail only ntp.cfg is needed.
Not even /etc/hosts, /etc/resolv.conf and /etc/nsswitch.conf? And /dev/null and /dev/log? A /tmp directory?
fw:/var/chroot/ntp# find .
.
./etc
./etc/timezone
./etc/localtime
./etc/ntp.conf
./lib
./sbin
./usr
./usr/bin
./usr/lib
./usr/lib/gconv
./usr/sbin
./usr/share
./usr/share/doc
./usr/share/man
./usr/share/zoneinfo
./usr/share/zoneinfo/Europe
./usr/share/zoneinfo/Europe/Budapest
./var
./var/lib
./var/lib/misc
./var/lib/ntp
./dev
./dev/null
./dev/log
./tmp

Here is the corresponding jailer.conf:

<ntp>
Root: /var/chroot/ntp
Junk-Debs: libc6 ldso ntp
Debs: ntp
Conf: /etc/ntp.conf
Extra: /dev/null /etc/timezone /etc/localtime /usr/share/zoneinfo/Europe/Budapest
</ntp>

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
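
An added example, not part of the thread and not code from the restrict or jailer tools: a shell audit of a jail tree like the one listed above, to run before the daemon is started in it. The required-path list follows the thread's find output and jailer.conf; the function names, the report labels and the permission checks are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit a chroot jail tree before starting the daemon in it.
# The required paths come from the thread's find output and jailer.conf;
# the permission checks are assumptions of this example.

audit_jail() {
    root=${1%/}
    JAIL_PROBLEMS=0
    note() { echo "$1 $2"; JAIL_PROBLEMS=$((JAIL_PROBLEMS + 1)); }

    for p in etc/ntp.conf etc/timezone etc/localtime dev/null tmp; do
        [ -e "$root/$p" ] || note MISSING "$p"
    done
    # dev/null must be a character device; a regular file there keeps
    # everything that is written to it.
    if [ -e "$root/dev/null" ] && [ ! -c "$root/dev/null" ]; then
        note NOT-CHARDEV dev/null
    fi
    # Set-id or world-writable files, and world-writable directories without
    # the sticky bit, give a compromised daemon more room than it needs.
    bad=$(find "$root" \( -type f \( -perm -4000 -o -perm -2000 -o -perm -0002 \) \
        -o -type d -perm -0002 ! -perm -1000 \) -print)
    while IFS= read -r f; do
        if [ -n "$f" ]; then note UNSAFE-MODE "${f#"$root"/}"; fi
    done <<EOF
$bad
EOF
    [ "$JAIL_PROBLEMS" -eq 0 ]
}

# Constructed sample with deliberate defects (not the poster's real tree).
make_sample_jail() (
    umask 022
    d=$(mktemp -d) || exit 1
    mkdir -p "$d/etc" "$d/dev" "$d/tmp" "$d/usr/sbin"
    : > "$d/etc/ntp.conf"; : > "$d/etc/localtime"   # etc/timezone left out
    : > "$d/dev/null"                               # regular file, not a device
    : > "$d/usr/sbin/ntpd"; chmod 4755 "$d/usr/sbin/ntpd"
    chmod 0777 "$d/tmp"                             # no sticky bit
    echo "$d"
)

# Audit the path given as argument, or the constructed sample when none is given.
if [ "$#" -gt 0 ]; then
    audit_jail "$1"
else
    d=$(make_sample_jail) && { audit_jail "$d"; rm -rf "$d"; }
fi
```

Run against a real jail as `sh audit.sh /var/chroot/ntp`; the exit status is non-zero when anything is reported.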