Tuesday, April 15, 2014

Simple & easy way to jail users | Ubuntu

Jailkit is a set of utilities that can limit user accounts to a specific directory tree and to specific commands. Setting up a jail is much easier using the Jailkit utilities than doing so 'by hand'. A jail is a directory tree that you create within your file system; the user cannot see any directories or files that are outside the jail directory. The user is jailed in that directory and its subdirectories.

Set up the compiler:
CentOS: yum groupinstall "Development Tools"

Ubuntu: apt-get install build-essential

Download & Install
# cd /tmp
# wget http://olivier.sessink.nl/jailkit/jailkit-2.14.tar.gz
# tar -zxvf jailkit-2.14.tar.gz
# cd jailkit-2.14
# ./configure
# make
# make install
Setting up the jail
make clean
export LDFLAGS="-pthread"
./configure && make

Now it’s time to set up the jail directory. Jailed users will see this directory as the root directory of the server. I chose to use /home/jail:
# mkdir /home/jail
# chown root:root /home/jail
# jk_init -v /home/jail basicshell
# jk_init -v /home/jail netutils
# jk_init -v /home/jail ssh
# jk_init -v /home/jail jk_lsh
Add a user
Add a new user with a home directory and bash shell, and set the password:
# useradd -d /home/testuser -m testuser -s /bin/bash
# passwd testuser
Now it’s time to jail this user. Use the following command:
# jk_jailuser -m -j /home/jail testuser
Your /etc/passwd should contain something like this now:
testuser:x:1001:1001::/home/jail/./home/testuser:/usr/sbin/jk_chrootsh
Enable bash
By using jk_cp, bash and the libraries it needs are copied to the jail:
# jk_cp -v -f /home/jail /bin/bash
Now edit the /home/jail/etc/passwd file and make sure it contains something like this:
testuser:x:1001:1001::/home/testuser:/bin/bash
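The steps above leave two passwd entries and a root-owned jail directory that have to agree with each other. The following audit script is an added example, not part of the original post or of Jailkit; the function names are hypothetical, and it assumes the layout shown above (host home of the form `<jail>/./<home>`, host shell `/usr/sbin/jk_chrootsh`):

```shell
#!/bin/sh
# Added example (not part of Jailkit): audit one jailed account.
# Usage: sh audit_jail.sh /etc/passwd /home/jail testuser

# Print field N (1-based) of USER's line in a passwd-format FILE.
pw_field() {
    awk -F: -v u="$2" -v n="$3" '$1 == u { print $n; exit }' "$1"
}

# True if DIR exists, is owned by uid $2 (default 0, root) and is not
# group- or world-writable.
jail_dir_ok() {
    ls -ldn "$1" 2>/dev/null | awk -v uid="${2:-0}" '
        { ok = ($3 == uid && substr($1, 6, 1) != "w" && substr($1, 9, 1) != "w") }
        END { exit !ok }'
}

audit_jail_user() {
    host_pw=$1 jail=$2 user=$3 uid=${4:-0}
    jail_dir_ok "$jail" "$uid" ||
        { echo "FAIL: $jail has wrong owner or is writable"; return 1; }

    home=$(pw_field "$host_pw" "$user" 6)
    shell=$(pw_field "$host_pw" "$user" 7)
    [ "$shell" = /usr/sbin/jk_chrootsh ] ||
        { echo "FAIL: host login shell is '$shell'"; return 1; }

    # The host home must read <jail>/./<home inside the jail>.
    case $home in
        "$jail"/./*) inner=${home#"$jail"/.} ;;
        *) echo "FAIL: home '$home' is not under $jail/./"; return 1 ;;
    esac

    jpw=$jail/etc/passwd
    [ "$(pw_field "$jpw" "$user" 6)" = "$inner" ] ||
        { echo "FAIL: home in $jpw does not match $inner"; return 1; }
    [ "$(pw_field "$jpw" "$user" 3)" = "$(pw_field "$host_pw" "$user" 3)" ] ||
        { echo "FAIL: uid differs between host and jail passwd"; return 1; }
    jshell=$(pw_field "$jpw" "$user" 7)
    { [ -n "$jshell" ] && [ -x "$jail$jshell" ]; } ||
        { echo "FAIL: shell '$jshell' is not executable in the jail"; return 1; }
    echo "OK: $user is confined to $jail with shell $jshell"
}

if [ "$#" -ge 3 ]; then audit_jail_user "$@"; fi
```

The optional fourth argument overrides the expected owner uid, which is only useful when trying the script against a scratch directory as a non-root user.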
Maintenance
By using jk_update, changes on the real system can be applied to the jail. A dry run will show what’s going on:
# jk_update -j /home/jail -d
This has been checked and verified, and is working properly.