Break The Limits™: April 2014

Jailkit is a set of utilities that can limit user accounts to a specific directory tree and to specific commands. Setting up a jail is much easier using the jailkit utilities that doing so 'by hand'. A jail is a directory tree that you create within your file system; the user cannot see any directories or files that are outside the jail directory. The user is jailed in that directory and it subdirectories.

Setup the compiler :

Centos : yum groupinstall "Development Tools"

Ubuntu : apt-get install build-essential

Download & Install

http://olivier.sessink.nl/jailkit/index.html#download

# cd /tmp
# wget http://olivier.sessink.nl/jailkit/jailkit-2.14.tar.gz
# tar -zxvf jailkit-2.11.tar.gz
# cd jailkit-2.11
# ./configure
# make
# make install

Setting up the jail

make clean
export LDFLAGS="-pthread"
./configure && make

Now it’s time to set up the jail directory. Jailed users will see this directory as the root directory of the server. I chose to use /home/jail:

# mkdir /home/jail
# chown root:root /home/jail

jk_init can be used to quickly create a jail with several files or directories needed for a specific task or profile , (click on it & read full detail ).

# jk_init -v /home/jail basicshell
# jk_init -v /home/jail netutils
# jk_init -v /home/jail ssh
# jk_init -v /home/jail jk_lsh

Add a user

Add a new user with a home directory and bash shell, and set the password:

# useradd -d /home/testuser -m testuser -s /bin/bash
# passwd testuser

Now it’s time to jail this user, use the following command:

# jk_jailuser -m -j /home/jail testuser

Your /etc/passwd should contain something like this now:

testuser:x:1001:1001::/home/jail/./home/testuser:/usr/sbin/jk_chrootsh

Enable bash

By using jk_cp the bash libraries are be copied to the jail:

# jk_cp -v -f /home/jail /bin/bash

Now edit the /home/jail/etc/passwd file and make sure it contains something like this:

testuser:x:1001:1001::/home/testuser:/bin/bash

Maintenance

By using jk_update updates on the real system can be updated in the jail. A dry-run will >show what’s going on:

# jk_update -j /home/jail -d

Without the -d argument the real update is performed. More maintenance operations can be found here.

Help Taken

http://olivier.sessink.nl/jailkit/howtos_chroot_shell.html

http://olivier.sessink.nl/jailkit/index.html#intro ( a very good help )

This one also

This is been checked & verified , Working Properly

Break The Limits™

Tuesday, April 15, 2014

Simple & easy way to jail users | Ubuntu