RE: [mod-security-users] chroot and mod security

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Jim,  

Would be so kind as to send your Apache configuration specifics?  If you
look at the message thread regarding my Apache configuration, you should get
an idea of the information for which I'm looking.  I suspect that is may be
a httpd.conf configuration issue as the following error would seem to
indicate:  

> directory: mod_security: Could not create modsec_debuglog_lock

Also, are you running Apache 1.x or 2.x?  

- Christopher  

> -----Original Message-----
> From: Jim Horwath [mailto:jim...@rc...]
> Sent: Tuesday, January 20, 2004 6:25 AM
> To: 'Ivan Ristic'
> Cc: mod...@li...
> Subject: RE: [mod-security-users] chroot and mod security
> 
> 
> Ivan/Others,
> 
> Thanks for your input. I worked on chroot'ing my apache 
> server last weekend.
> I must be either missing something simple or I am misunderstanding
> something. I am trying to start simple display a simple 
> static html page. I
> have the SecChRoot near the bottom of the httpd.conf file, I 
> tried moving it
> to other sections, but it doesn't seem to matter.  I ran a 
> strace on the
> httpd daemon and didn't see anything that jumped out at me.  
> As soon as I
> remove the SecChroot entry the server starts fine.  I created 
> a directory
> /chroot/usr/local/apache2/htdocs with the correct 
> permissions.  To run out a
> missing file I even copied the entire /usr/local/acpahe2 
> structure to the
> chroot'd directory.  I looked at the code and saw the file is 
> s mutex file
> (memory communication?). I am sorry for pestering, but I 
> really want to get
> chroot'ing working with my web server.
> 
> Here is the entry from the error log:
> 
> Jan 20 05:43:51 kazoo httpd[29589]: [warn] Init: Session Cache is not
> configured [hint: SSLSessionCache] 
> Jan 20 05:43:51 kazoo httpd[29591]: [notice] Digest: 
> generating secret for
> digest authentication ... 
> Jan 20 05:43:51 kazoo httpd[29591]: [notice] Digest: done 
> Jan 20 05:43:51 kazoo httpd[29591]: [error] mod_security: 
> Performed chroot,
> path=/chroot 
> Jan 20 05:43:51 kazoo httpd[29591]: [error] (2)No such file or
> directory: mod_security: Could not create modsec_debuglog_lock
> 
> 
> Thanks in advance,
> 
> Jim
> 
> -----Original Message-----
> From: mod...@li...
> [mailto:mod...@li...] On 
> Behalf Of Ivan
> Ristic
> Sent: Wednesday, January 14, 2004 4:37 PM
> To: jim...@rc...
> Cc: mod...@li...
> Subject: Re: [mod-security-users] chroot and mod security
> 
> 
> > I need to run a chroot for the apache server.  I have the 
> > code installed with the default path /usr/local/apache2.  I 
> > am using the SecChrootDir directive but I can't seem to get 
> > it right.  I will see a directory doesn't exist or like 
> > message in the logfile.
> 
>   What exactly does it say?
> 
> 
> > Shouldn't the chroot'd jail be /usr/local/apache2?  
> 
>   No, not really. It depends on where you've put your
>   document root. Assuming it's in /usr/local/apache2/htdocs,
>   the easiest way to do a chroot is to create a folder
>   /chroot/usr/local/apache2/htdocs, put the web site there
>   (just the web site, leave everything else as is),
>   and chroot with "SecChrootDir /chroot/".
> 
>   That way you won't have to change your httpd.conf much
>   and you can easily switch between a chrooted and
>   the non-chrooted installation.
> 
>   I guess that more documentation on chrooting is needed, I'll
>   see that I update it soon.
> 