RE: [mod-security-users] chroot and mod security
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
RE: [mod-security-users] chroot and mod security
|
From: Jim H. <jim...@rc...> - 2004-01-15 00:07:55
|
Ivan, Thank you very much for the response. When I get home tonight I will try your solution. I guess I am confused about how chroot() works or needs to work. I thought the entire apache tree, in my case /usr/local/apche2 would have to present and part of the root jail. I saw in the documentation where the libraries are loaded prior to the jail taking effect. How do other apache helper binaries get executed, are they also loaded in to the httpd code? From your explanation I see my understanding is wrong. Thank you for the help. Regards, Jim -----Original Message----- From: Ivan Ristic [mailto:iv...@we...] Sent: Wednesday, January 14, 2004 4:37 PM To: jim...@rc... Cc: mod...@li... Subject: Re: [mod-security-users] chroot and mod security > I need to run a chroot for the apache server. I have the > code installed with the default path /usr/local/apache2. I > am using the SecChrootDir directive but I can't seem to get > it right. I will see a directory doesn't exist or like > message in the logfile. What exactly does it say? > Shouldn't the chroot'd jail be /usr/local/apache2? No, not really. It depends on where you've put your document root. Assuming it's in /usr/local/apache2/htdocs, the easiest way to do a chroot is to create a folder /chroot/usr/local/apache2/htdocs, put the web site there (just the web site, leave everything else as is), and chroot with "SecChrootDir /chroot/". That way you won't have to change your httpd.conf much and you can easily switch between a chrooted and the non-chrooted installation. I guess that more documentation on chrooting is needed, I'll see that I update it soon. -- ModSecurity (http://www.modsecurity.org) [ Open source IDS for Web applications ] |
