[ précédent ] [ Table des matières ] [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ A ] [ B ] [ C ] [ D ] [ E ] [ F ] [ G ] [ H ] [ I ] [ J ] [ suivant ]

Manuel de sécurisation de Debian
Annexe H - Chroot environment for SSH


Creating a restricted environment for SSH is a tough job due to its dependencies and the fact that, unlike other servers, SSH provides a remote shell to users. Thus, you will also have to consider the applications users will be allowed to use in the environment. If you create this file structure in, for example /var/chroot/ssh, you could start the ssh server chroot'ed with this command:

       # chroot /var/chroot/ssh /sbin/sshd -f /etc/sshd_config

H.1 Automatically making the environment (the easy way)

You can easily create a restricted environment with the makejail package, since it automatically takes care of tracing the server daemon (with strace), and makes it run under the restricted environment.

The advantage of programs that automatically generate chroot environments is that they are capable of copying any package to the chroot environment (even following the package's dependencies and making sure it's complete). Thus, providing user applications is easier.

To set up the environment using makejail's provided examples, just use the command:

       # makejail /usr/share/doc/makejail/examples/sshd.py

Read the sample file to see what other changes need to be made to the environment. Some of these changes, such as copying user's home directories, cannot be done automatically. Also, limit the exposure of sensitive information by only copying the data from a given number of users from the files /etc/shadow or /etc/group.

The following sample environment has been (slightly) tested and is built with the configuration file provided in the package and includes the fileutils package:

     .
     |-- bin
     |   |-- ash
     |   |-- bash
     |   |-- chgrp
     |   |-- chmod
     |   |-- chown
     |   |-- cp
     |   |-- csh -> /etc/alternatives/csh
     |   |-- dd
     |   |-- df
     |   |-- dir
     |   |-- fdflush
     |   |-- ksh
     |   |-- ln
     |   |-- ls
     |   |-- mkdir
     |   |-- mknod
     |   |-- mv
     |   |-- rbash -> bash
     |   |-- rm
     |   |-- rmdir
     |   |-- sh -> bash
     |   |-- sync
     |   |-- tcsh
     |   |-- touch
     |   |-- vdir
     |   |-- zsh -> /etc/alternatives/zsh
     |   `-- zsh4
     |-- dev
     |   |-- null
     |   |-- ptmx
     |   |-- pts
     |   |-- ptya0
     (...)
     |   |-- tty
     |   |-- tty0
     (...)
     |   `-- urandom
     |-- etc
     |   |-- alternatives
     |   |   |-- csh -> /bin/tcsh
     |   |   `-- zsh -> /bin/zsh4
     |   |-- environment
     |   |-- hosts
     |   |-- hosts.allow
     |   |-- hosts.deny
     |   |-- ld.so.conf
     |   |-- localtime -> /usr/share/zoneinfo/Europe/Madrid
     |   |-- motd
     |   |-- nsswitch.conf
     |   |-- pam.conf
     |   |-- pam.d
     |   |   |-- other
     |   |   `-- ssh
     |   |-- passwd
     |   |-- resolv.conf
     |   |-- security
     |   |   |-- access.conf
     |   |   |-- chroot.conf
     |   |   |-- group.conf
     |   |   |-- limits.conf
     |   |   |-- pam_env.conf
     |   |   `-- time.conf
     |   |-- shadow
     |   |-- shells
     |   `-- ssh
     |       |-- moduli
     |       |-- ssh_host_dsa_key
     |       |-- ssh_host_dsa_key.pub
     |       |-- ssh_host_rsa_key
     |       |-- ssh_host_rsa_key.pub
     |       `-- sshd_config
     |-- home
     |   `-- userX
     |-- lib
     |   |-- ld-2.2.5.so
     |   |-- ld-linux.so.2 -> ld-2.2.5.so
     |   |-- libc-2.2.5.so
     |   |-- libc.so.6 -> libc-2.2.5.so
     |   |-- libcap.so.1 -> libcap.so.1.10
     |   |-- libcap.so.1.10
     |   |-- libcrypt-2.2.5.so
     |   |-- libcrypt.so.1 -> libcrypt-2.2.5.so
     |   |-- libdl-2.2.5.so
     |   |-- libdl.so.2 -> libdl-2.2.5.so
     |   |-- libm-2.2.5.so
     |   |-- libm.so.6 -> libm-2.2.5.so
     |   |-- libncurses.so.5 -> libncurses.so.5.2
     |   |-- libncurses.so.5.2
     |   |-- libnsl-2.2.5.so
     |   |-- libnsl.so.1 -> libnsl-2.2.5.so
     |   |-- libnss_compat-2.2.5.so
     |   |-- libnss_compat.so.2 -> libnss_compat-2.2.5.so
     |   |-- libnss_db-2.2.so
     |   |-- libnss_db.so.2 -> libnss_db-2.2.so
     |   |-- libnss_dns-2.2.5.so
     |   |-- libnss_dns.so.2 -> libnss_dns-2.2.5.so
     |   |-- libnss_files-2.2.5.so
     |   |-- libnss_files.so.2 -> libnss_files-2.2.5.so
     |   |-- libnss_hesiod-2.2.5.so
     |   |-- libnss_hesiod.so.2 -> libnss_hesiod-2.2.5.so
     |   |-- libnss_nis-2.2.5.so
     |   |-- libnss_nis.so.2 -> libnss_nis-2.2.5.so
     |   |-- libnss_nisplus-2.2.5.so
     |   |-- libnss_nisplus.so.2 -> libnss_nisplus-2.2.5.so
     |   |-- libpam.so.0 -> libpam.so.0.72
     |   |-- libpam.so.0.72
     |   |-- libpthread-0.9.so
     |   |-- libpthread.so.0 -> libpthread-0.9.so
     |   |-- libresolv-2.2.5.so
     |   |-- libresolv.so.2 -> libresolv-2.2.5.so
     |   |-- librt-2.2.5.so
     |   |-- librt.so.1 -> librt-2.2.5.so
     |   |-- libutil-2.2.5.so
     |   |-- libutil.so.1 -> libutil-2.2.5.so
     |   |-- libwrap.so.0 -> libwrap.so.0.7.6
     |   |-- libwrap.so.0.7.6
     |   `-- security
     |       |-- pam_access.so
     |       |-- pam_chroot.so
     |       |-- pam_deny.so
     |       |-- pam_env.so
     |       |-- pam_filter.so
     |       |-- pam_ftp.so
     |       |-- pam_group.so
     |       |-- pam_issue.so
     |       |-- pam_lastlog.so
     |       |-- pam_limits.so
     |       |-- pam_listfile.so
     |       |-- pam_mail.so
     |       |-- pam_mkhomedir.so
     |       |-- pam_motd.so
     |       |-- pam_nologin.so
     |       |-- pam_permit.so
     |       |-- pam_rhosts_auth.so
     |       |-- pam_rootok.so
     |       |-- pam_securetty.so
     |       |-- pam_shells.so
     |       |-- pam_stress.so
     |       |-- pam_tally.so
     |       |-- pam_time.so
     |       |-- pam_unix.so
     |       |-- pam_unix_acct.so -> pam_unix.so
     |       |-- pam_unix_auth.so -> pam_unix.so
     |       |-- pam_unix_passwd.so -> pam_unix.so
     |       |-- pam_unix_session.so -> pam_unix.so
     |       |-- pam_userdb.so
     |       |-- pam_warn.so
     |       `-- pam_wheel.so
     |-- sbin
     |   `-- start-stop-daemon
     |-- usr
     |   |-- bin
     |   |   |-- dircolors
     |   |   |-- du
     |   |   |-- install
     |   |   |-- link
     |   |   |-- mkfifo
     |   |   |-- shred
     |   |   |-- touch -> /bin/touch
     |   |   `-- unlink
     |   |-- lib
     |   |   |-- libcrypto.so.0.9.6
     |   |   |-- libdb3.so.3 -> libdb3.so.3.0.2
     |   |   |-- libdb3.so.3.0.2
     |   |   |-- libz.so.1 -> libz.so.1.1.4
     |   |   `-- libz.so.1.1.4
     |   |-- sbin
     |   |   `-- sshd
     |   `-- share
     |       |-- locale
     |       |   `-- es
     |       |       |-- LC_MESSAGES
     |       |       |   |-- fileutils.mo
     |       |       |   |-- libc.mo
     |       |       |   `-- sh-utils.mo
     |       |       `-- LC_TIME -> LC_MESSAGES
     |       `-- zoneinfo
     |           `-- Europe
     |               `-- Madrid
     `-- var
         `-- run
             |-- sshd
             `-- sshd.pid
     
     27 directories, 733 files

[ précédent ] [ Table des matières ] [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ A ] [ B ] [ C ] [ D ] [ E ] [ F ] [ G ] [ H ] [ I ] [ J ] [ suivant ]

Manuel de sécurisation de Debian

2.95 5 marzo 2004Vendredi 4 juillet 2003 23:13:42 +0100

Javier Fernández-Sanguino Peña jfs@computer.org