Securing your Linux server
This tutorial goes step by step, so it will be easy to follow, and in my opinion it will secure your server. Don't forget: this manual, I think, will work on Debian Linux.
1. cd /tmp
Now you have to install some system packages; without them chroot SSH/SFTP will not work. Just type at the command line:
apt-get install openssl libssl-dev bzip2 build-essential
Now you have to download the chroot jail files.
wget http://chrootssh.sourceforge.net/download/openssh-4.5p1-chroot.tar.bz2
Unpack the archive with the command:
tar xvfj openssh-4.5p1-chroot.tar.bz2
Installing...
cd openssh-4.5p1-chroot
./configure --exec-prefix=/usr --sysconfdir=/etc/ssh --with-pam
make
make install
2. Now you have to create the chroot environment, e.g. /home/jail/. The chrooted users will live in this directory. Create the following directories and device nodes:
mkdir -p /home/jail/home/
cd /home/jail
mkdir -p usr/lib/openssh
mkdir etc
mkdir etc/pam.d/
mkdir bin
mkdir lib
mkdir usr/bin
mkdir dev
mknod dev/null c 1 3
mknod dev/zero c 1 5
Then set the permissions on the two device nodes:
chmod 666 dev/null
chmod 666 dev/zero
Now download this file:
wget http://web.listen.lt/upload/files/create_chroot_env.txt
Now rename it, moving it to /usr/local/sbin:
mv create_chroot_env.txt /usr/local/sbin/create_chroot_env
If you want to make more commands available to the user, add them to the APPS line of that file.
Now make the file executable and run it:
chmod 700 /usr/local/sbin/create_chroot_env
create_chroot_env
Now you must copy some files into the chrooted SSH directory:
cp /lib/libnss_compat.so.2 /lib/libnsl.so.1 /lib/libnss_files.so.2 /lib/ld-linux.so.2 /lib/libcap.so.1 /lib/libnss_dns.so.2 ./lib/
cp /etc/hosts etc/
cp /etc/resolv.conf etc/
cp /etc/pam.d/* etc/pam.d/
cp -r /lib/security lib/
cp -r /etc/security etc/
cp /etc/login.defs etc/
cp /usr/lib/libgssapi_krb5.so.2 usr/lib/
cp /usr/lib/libkrb5.so.3 usr/lib/
cp /usr/lib/libk5crypto.so.3 usr/lib/
cp /lib/libcom_err.so.2 lib/
cp /usr/lib/libkrb5support.so.0 usr/lib/
echo '#!/bin/bash' > usr/bin/groups
echo "id -Gn" >> usr/bin/groups
touch etc/passwd
grep /etc/passwd -e "^root" > etc/passwd
grep /etc/group -e "^root" -e "^users" > etc/group
Restart the SSH daemon with the command:
/etc/init.d/ssh restart
3. Creating chrooted users.
To create a user, run:
useradd -s /bin/bash -m -d /home/jail/./home/testuser -c "testuser" -g users testuser
To set the user's password:
passwd testuser
And copy the user's line into the jail's passwd file:
grep /etc/passwd -e "^testuser" >> /home/jail/etc/passwd
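A read-only audit of the result of steps 2 and 3, as an added example that is not part of the original tutorial: it checks that every account whose home contains the /./ marker from the useradd command points at the expected jail and has its passwd line copied into the jail, and it lists group- or world-writable paths in the jail. The function names, the finding labels and the alice/bob/carol sample accounts are constructed for this example.

```shell
#!/bin/sh
# Added example: read-only audit of a jail built as in steps 2 and 3.

# audit_jail_users HOST_PASSWD JAIL_ROOT
# For each host account whose home holds the "/./" marker, check that the part
# before the marker is JAIL_ROOT and that the same line is in JAIL_ROOT/etc/passwd.
# Prints one finding per line and returns 1 if there is any.
audit_jail_users() {
    awk -F: -v jail="${2%/}" -v jp="${2%/}/etc/passwd" '
        BEGIN { while ((getline l < jp) > 0) { split(l, f, ":"); injail[f[1]] = l } }
        index($6, "/./") {
            seen[$1] = 1
            root = substr($6, 1, index($6, "/./") - 1)
            if (root != jail)          { print "WRONG_ROOT " $1; bad = 1 }
            if (!($1 in injail))       { print "MISSING_IN_JAIL " $1; bad = 1 }
            else if (injail[$1] != $0) { print "STALE_ENTRY " $1; bad = 1 }
        }
        END { for (u in injail) if (u != "root" && !(u in seen)) {
                  print "UNEXPECTED_IN_JAIL " u; bad = 1 }
              exit bad + 0 }' "$1"
}

# audit_jail_perms JAIL_ROOT
# Lists group- or world-writable paths outside home/, ignoring symlinks and the
# dev/null and dev/zero nodes that step 2 sets to 666 on purpose.
audit_jail_perms() {
    j=${1%/}
    found=$(find "$j" ! -type l \( -perm -0002 -o -perm -0020 \) \
                ! -path "$j/dev/null" ! -path "$j/dev/zero" ! -path "$j/home/*" |
            sort | sed 's/^/WRITABLE /')
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# make_sample DIR: constructed fixture (not real accounts). alice is set up
# correctly, bob's line was never copied, carol is jailed somewhere else.
make_sample() (
    umask 022
    mkdir -p "$1/jail/etc" "$1/jail/lib" "$1/jail/home"
    cat > "$1/passwd" <<EOF
root:x:0:0:root:/root:/bin/bash
alice:x:1001:100:alice:$1/jail/./home/alice:/bin/bash
bob:x:1002:100:bob:$1/jail/./home/bob:/bin/bash
carol:x:1003:100:carol:/srv/other/./home/carol:/bin/bash
EOF
    grep -e '^root' -e '^alice' -e '^carol' "$1/passwd" > "$1/jail/etc/passwd"
)
```

On a host set up as above, run audit_jail_users /etc/passwd /home/jail and audit_jail_perms /home/jail as root; a MISSING_IN_JAIL finding means the final grep of step 3 was skipped or written to the wrong path.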
That's all, good luck.