
Securing-Optimizing-RH-Linux-1_2_387
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ® 387

Step 9
Copy the “localtime” file to the jail so that log entries are properly adjusted for your local timezone:

    [root@deep /]# cp /etc/localtime /chroot/httpd/etc/

Step 10
Remove unnecessary Apache files and directories:

    [root@deep /]# rm -rf /var/log/httpd/
    [root@deep /]# rm -rf /etc/httpd/
    [root@deep /]# rm -rf /home/httpd/
    [root@deep /]# rm -f /usr/sbin/httpd

We can safely remove all of the above files and directories since they are now located under our chroot jail directory.

Step 11
Tell syslogd about the new chrooted service. Normally, processes talk to syslogd through “/dev/log”. As a result of the chroot jail, this won't be possible, so syslogd needs to be told to listen to “/chroot/httpd/dev/log”. To do this, edit the syslog startup script to specify additional places to listen.

Edit the syslog script (vi /etc/rc.d/init.d/syslog) to change the line:

    daemon syslogd -m 0

To read:

    daemon syslogd -m 0 -a /chroot/httpd/dev/log

Step 12
The default httpd script file of Apache starts the daemon “httpd” outside the chroot jail; we must change it to start httpd from the chroot jail.

Edit the httpd script file (vi /etc/rc.d/init.d/httpd) and change the line:

    daemon httpd

To read:

    /usr/sbin/chroot /chroot/httpd/ /usr/sbin/httpd -DSSL

Also change the line:

    rm -f /var/run/httpd.pid

To read:

    rm -f /chroot/httpd/var/run/httpd.pid

Step 13
Finally, we must test the new chrooted jail configuration of our Apache Web Server.
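
Before restarting anything, the edits from Steps 9 through 12 can be checked in one pass. The script below is an added example and is not taken from the book; the function name check_jail and its optional root-prefix argument are assumptions introduced here, while every path is the one given in the steps above.

```shell
#!/bin/sh
# Added example: audit the edits from Steps 9-12 before restarting anything.
# The optional argument is a hypothetical root prefix for testing against a
# scratch tree; with no argument the live paths from the text are checked.

check_jail() {
    root="${1:-}"
    jail="$root/chroot/httpd"
    syslog_init="$root/etc/rc.d/init.d/syslog"
    httpd_init="$root/etc/rc.d/init.d/httpd"
    fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

    # Step 9: timezone data must be present inside the jail.
    [ -f "$jail/etc/localtime" ] || fail "no localtime in $jail/etc"

    # Step 10: nothing of Apache should remain outside the jail.
    for p in /var/log/httpd /etc/httpd /home/httpd /usr/sbin/httpd; do
        if [ -e "$root$p" ]; then fail "$root$p still exists"; fi
    done

    # Step 11: syslogd must also listen on the socket inside the jail.
    grep -Eq '^[[:space:]]*daemon syslogd .*-a /chroot/httpd/dev/log' \
        "$syslog_init" 2>/dev/null ||
        fail "syslogd is not started with -a /chroot/httpd/dev/log"

    # Step 12: httpd must be launched through chroot, never directly.
    grep -Eq '^[[:space:]]*/usr/sbin/chroot /chroot/httpd/? /usr/sbin/httpd' \
        "$httpd_init" 2>/dev/null ||
        fail "httpd init script does not start httpd via chroot"
    if grep -Eq '^[[:space:]]*daemon httpd' "$httpd_init" 2>/dev/null; then
        fail "httpd init script still has an unjailed 'daemon httpd' line"
    fi

    # Step 12: the pid file cleanup must point inside the jail.
    grep -Fq 'rm -f /chroot/httpd/var/run/httpd.pid' \
        "$httpd_init" 2>/dev/null ||
        fail "pid cleanup does not point into the jail"
    if grep -Eq 'rm -f /var/run/httpd\.pid' "$httpd_init" 2>/dev/null; then
        fail "pid cleanup still targets /var/run/httpd.pid"
    fi

    [ "$fails" -eq 0 ] && echo "OK: jail configuration matches Steps 9-12"
    return "$fails"
}
```

Call check_jail as root with no argument to audit the live system; a non-zero return value is the number of failed checks.
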
· The first thing to do is to restart our syslogd daemon with the following command:

    [root@deep /]# /etc/rc.d/init.d/syslog restart
    Shutting down kernel logger:    [  OK  ]
    Shutting down system logger:    [  OK  ]
    Starting system logger:         [  OK  ]
    Starting kernel logger:         [  OK  ]

· Now, start the new chrooted jail Apache with the following command: