Hello
I'm having some major problems getting chroot to work properly with mod_security. I'm hoping someone will be able to help.
Currently, I'm trying to get chroot to fall into /var/chroot/apache. My apache version is apache-2.0.52-r1 and using mod_security-1.8.6.
I've created the following directories within the chroot jail:
/var/chroot/apache/var/run
/var/chroot/apache/var/www
/var/chroot/apache/usr/lib/apache2
I've moved my apache files (/usr/lib/apache2) to /var/chroot/apache/usr/lib/apache2.
I've created a symlink in /usr/lib/apache2 to point to /var/chroot/apache/usr/lib/apache2.
Based off of this link: http://sourceforge.net/mailarchive/forum.php?thread_id=5863509&forum_id=33492
I've edited the conf with this value for jail:
SecChrootDir /var/chroot/apache
I've edited the /etc/apache2.conf with the following values:
ServerRoot /var/chroot/apache/usr/lib/apache2
DocumentRoot /var/chroot/apache/var/www/localhost/htdocs
LoadModule security_module extramodules/mod_security.so (this is at the top of the module stack)
Apache starts fine and drops the pid in /var/chroot/apache/var/run/apache2.pid,
but when I try to navigate to the webroot, I constantly get a 403 Forbidden error. Viewing the error logs (/var/log/apache2/error_log), I get this:
[Thu Jan 13 17:20:01 2005] [error] [client 10.1.5.5] client denied by server configuration: /var/chroot
[Thu Jan 13 17:20:01 2005] [error] [client 10.1.5.5] client denied by server configuration: /var/chroot
[Thu Jan 13 17:20:02 2005] [error] [client 10.1.5.5] client denied by server configuration: /var/chroot
[Thu Jan 13 17:20:02 2005] [error] [client 10.1.5.5] client denied by server configuration: /var/chroot
I've copied /var/www to /var/chroot/apache/var/www. I'm not sure why it wants to only go to /var/chroot?
Any help is greatly appreciated!!!
Thanks
hanji