[zorp-hu] udp-plug sample config
Balazs Scheidler
bazsi@balabit.hu
Thu, 14 Nov 2002 14:31:32 +0100
On Thu, Nov 14, 2002 at 12:13:03PM +0100, Kosa Attila wrote:
> On Wed, Nov 13, 2002 at 11:59:44AM +0100, Balazs Scheidler wrote:
> > On Wed, Nov 13, 2002 at 11:40:59AM +0100, Narancs wrote:
> >
> > > - What do you usually use to jail ntpd, and how? Is there any write-up
> > > about this anywhere?
> >
> > We usually do it with restrict; this is the gist:
> >
> > export RESTRICT_UID=nobody
> > export RESTRICT_GID=nogroup
> > #export RESTRICT_GROUPS=
> > #export RESTRICT_VERBOSE=1
> > export RESTRICT_CAPS=cap_sys_time,cap_net_bind_service,cap_sys_nice,cap_ipc_lock=pe
> > export RESTRICT_CHROOT=/var/chroot/ntp/
> > export RESTRICT_FAKEUID=0
> >
> > LD_PRELOAD=/usr/lib/librestrict.so /usr/sbin/ntpd
> >
> > Inside the jail only ntp.cfg is needed.
>
> Not even /etc/hosts, /etc/resolv.conf and /etc/nsswitch.conf?
> And /dev/null and /dev/log? A /tmp directory?
fw:/var/chroot/ntp# find
.
./etc
./etc/timezone
./etc/localtime
./etc/ntp.conf
./lib
./sbin
./usr
./usr/bin
./usr/lib
./usr/lib/gconv
./usr/sbin
./usr/share
./usr/share/doc
./usr/share/man
./usr/share/zoneinfo
./usr/share/zoneinfo/Europe
./usr/share/zoneinfo/Europe/Budapest
./var
./var/lib
./var/lib/misc
./var/lib/ntp
./dev
./dev/null
./dev/log
./tmp
Here is the corresponding jailer.conf:
<ntp>
Root: /var/chroot/ntp
Junk-Debs: libc6 ldso ntp
Debs: ntp
Conf: /etc/ntp.conf
Extra: /dev/null /etc/timezone /etc/localtime /usr/share/zoneinfo/Europe/Budapest
</ntp>
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
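
An added check, not part of the original message or of librestrict: it audits a process against the RESTRICT_CAPS line quoted above by decoding the CapPrm and CapEff masks from /proc/<pid>/status and rejecting a root UID. The function names, the sample status text and the current Linux /proc status layout are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a process against RESTRICT_CAPS from the post above.
# Capability bit numbers are the ones defined in <linux/capability.h>.
EXPECTED_CAPS="cap_net_bind_service:10 cap_ipc_lock:14 cap_sys_nice:23 cap_sys_time:25"

# Constructed sample inputs (real /proc/<pid>/status uses tabs; awk splits on both).
GOOD_STATUS='Name: ntpd
Uid: 65534 65534 65534 65534
CapPrm: 0000000002804400
CapEff: 0000000002804400'
ROOT_STATUS='Name: ntpd
Uid: 0 0 0 0
CapPrm: 000001ffffffffff
CapEff: 000001ffffffffff'

# OR the expected capability bits into one decimal mask.
expected_mask() {
    mask=0
    for entry in $EXPECTED_CAPS; do
        mask=$(( mask | (1 << ${entry#*:}) ))
    done
    echo "$mask"
}

# Print the first value of field $1 from status text on stdin.
status_field() { awk -v key="$1:" '$1 == key { print $2; exit }'; }

# Read status text on stdin; return 0 only if the real UID is not root and
# the permitted and effective sets are exactly the expected mask ("=pe").
audit_status() {
    status=$(cat); want=$(expected_mask); rc=0
    uid=$(printf '%s\n' "$status" | status_field Uid)
    [ -n "$uid" ] && [ "$uid" != 0 ] || { echo "FAIL: real uid '${uid}'"; rc=1; }
    for capset in CapPrm CapEff; do
        hex=$(printf '%s\n' "$status" | status_field "$capset")
        if [ -z "$hex" ]; then echo "FAIL: no $capset line"; rc=1; continue; fi
        have=$(( 0x$hex ))
        if [ "$have" -ne "$want" ]; then
            printf 'FAIL: %s extra=0x%x missing=0x%x\n' "$capset" \
                $(( have & ~want )) $(( want & ~have )); rc=1
        fi
    done
    return $rc
}

# Usage: sh audit.sh <pid>   (audits a live process; no-op without an argument)
if [ -n "${1:-}" ] && [ -r "/proc/$1/status" ]; then audit_status < "/proc/$1/status"; fi
```

A non-zero exit means the process is running as root or with a capability set that differs from the four capabilities listed in RESTRICT_CAPS.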