Re: Putting Apache, PHP, Tomcat and CGI in a jail

[Martynas Domarkas <md@hansa.lt>]

Hi, I'm currently trying to use makejail... it does not work very good.
Simple way is copy /bin/bash with libraries (try ldd /bin/bash to find
out which libs you need), so you can do chroot /your/chroot/dir. After
do dpkg -L apache and copy contents of apache package to chroot, also
repeat it with apache-common, tomcat, libapache-mod-php and so on. Then
chroot to  /your/chroot/dir and try start apache. System will tell you
some "nice" words about missing libraries, and you copy needed libraries
to chroot dir. It takes long time, but you will be sure that no
duplicate files are copied, and only needed libs is in your jail.

CGI works well, also SSL.  

Regards,
Martynas

 
Pn, 2003-01-03 19:19, Stefano Salvi rašė:
> I'm setting up my new server, based on Debian Woody.
> I have to host our school website.
> This site uses parts written in PHP4, and some CGIs. I also want to setup 
> tomcat for a future possible use of JSP an servlets.
> I think it would be wise to put all this stuff in a chroot jail, but I 
> wonder if it is at all possible.
> Makejail from testing has a script about apache, but does it support Tomcat 
> and PHP4?
> And how about CGIs?
> Do I risk to duplicate all the system in the jail?
> Any suggestion?
> Thank you in advance
>          Stefano Salvi
> 
> =o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=
>                          _|_
>                       ----O----
> Ing. Stefano Salvi           mailto:s.salvi@libero.it
> Viale L. Vaschi, 15    mailto:stefano.salvi@inwind.it
> 46100 Mantova (MN)            mailto:salvi@itis.mn.it
> +39 0376 321572      http://digilander.iol.it/salvis/
> +39 0347 3820490        http://www.salvi.mn.it/stefano/
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>