[mod-security-users] Using SecChrootDir Directive

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

 I've looked at the modsecurity reference manual and would like to try 
using the SecChrootDir directive to chroot my apache installation.  I'm 
not too familiar with chrooting daemons etc but do understand it's 
purpose for security.  I'm just not sure about what I need for a 
directory structure in order to ensure modsecurity will chroot 
successfully.  I'll try outline my step and some background.

 I'm running Apache 2.0.53 using mod_security 1.8.7.  I've installed 
modsecurity successfully and it seems to be working using a very simple 
ruleset on my test box.

Apache Installation:  /usr/local/apache
Document Root: /webs
Apache Logs: /webs/logs

Setting up SecChrootDir  /chroot/apache
Okay, this is probably the part I'm confused about, setting up the 
directories underneath the /chroot directory.   Do I symbolic links to 
the apache install directory for each subfolder?  what do I do about my 
document root and or logs directory?  Should I use symbolic links for 
them as well?

I guess this the part that I'm struggling with when setting up 
modsecurity to chroot apache.  Any help would be appreciated. Thank You.