[ previous ] [ Contents ] [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ A ] [ B ] [ C ] [ D ] [ E ] [ F ] [ G ] [ H ] [ next ]


Securing Debian Manual
Appendix H - Chroot environment for Apache


H.1 Introduction

The chroot utility is often used to jail a daemon in a restricted tree. You can use it to insulate services from one another, so that security issues in a software package do not jeopardize the whole server. When using the makejail script, setting up and updating the chrooted tree is much easier.

FIXME: Apache can also be chrooted using http://www.modsecurity.org which is available in libapache-mod-security (for Apache 1.x) and libapache2-mod-security (for Apache 2.x).


H.1.1 Licensing

This document is copyright 2002 Alexandre Ratti. It has been dual-licensed and released under the GPL version 2 (GNU General Public License) the GNU-FDL 1.2 (GNU Free Documentation Licence) and is included in this manual with his explicit permission. (from the original document)


H.2 Installing the server

This procedure was tested on Debian GNU/Linux 3.0 (Woody) with makejail 0.0.4-1 (in Debian/testing).

The reason I like this is because setting up the jail is not very difficult and the server can be updated in just two lines:

      
     apt-get update && apt-get install apache
     makejail /etc/makejail/apache.py

H.3 See also

If you are looking for more information you can consider these sources of information in which the information presented is based:


[ previous ] [ Contents ] [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ A ] [ B ] [ C ] [ D ] [ E ] [ F ] [ G ] [ H ] [ next ]


Securing Debian Manual

Version: 3.16, built on Sun, 08 Apr 2012 02:48:09 +0000

Javier Fernández-Sanguino Peña jfs@debian.org
Authors, Section 1.1