Shulou(Shulou.com)06/01 Report--

This article will explain in detail how to install jailkit in the Linux system, the content of the article is of high quality, so the editor will share it for you as a reference. I hope you will have a certain understanding of the relevant knowledge after reading this article.

Jailkit is a toolset that can quickly create restricted user accounts in a chroot jail. It contains a security log daemon, shells can restrict users, open and set up chroot jail daemon tools.

[procedure]

1. Download the relevant software:

The code is as follows:

Wget-c http://olivier.sessink.nl/jailkit/jailkit-2.11.tar.gz

two。 Decompress, compile, install and other operations

The code is as follows:

Tar zxvf jailkit-2.11.tar.gz

Cd jailkit-2.11

. / configure

Make & & make install

Cp extra/jailkit / etc/init.d/

Chmod 755 / etc/init.d/jailkit

Chkconif jailkit on

3. Installation is relatively simple, on the above steps, please come down to configure the chroot environment.

a. Create a chroot directory:

The code is as follows:

Mkdir / home/sky / / # / home/sky is the virtual root directory

b. Initialize the virtual chroot environment: (copy the appropriate link library to the / home/sky/ directory)

The code is as follows:

Jk_init-v-j / home/sky/ sftp scp ssh jk_lsh extendedshell

In fact, this step is relative to refactoring a small system, / home/sky is the root directory, and then create

This subsystem needs the corresponding link libraries and other related directories or files.

4. After the basic configuration is completed, the next step is to test whether the initial requirements are met:

a. Create a test user: there are two ways to use the commands that come with the system, or you can use / usr/sbin/jk_addjailuser.

The code is as follows:

Jk_addjailuser-d / home/test3 / home/sky/ test3 # create test3 user

If the system user has already created it, you only need to move it to the chroot environment with the following command

The code is as follows:

Jk_jailuser-m-n-j / home/sky/-- shell=/bin/bash test1

Echo "111111" | passwd test1-- stdin / / # change the password to facilitate later ssh testing.

After completing the above steps, test.

[test steps]

The code is as follows:

Su-test1 # # switch to test1 user

Pwd

/ home/test1

Cd / tmp

Bash: cd: / tmp: No such file or directory

Touch a

Mkdir tmp / / # set up the tmp directory, notice here is / home/test1/tmp

Actually, the corresponding system directory is / home/sky/home/tes1/tmp. Don't get me wrong.

Then use ssh to test.

Ssh test1@192.168.3.XX

Test1@192.168.3.XX's password:

The same effect can be tested more. At this point, there is a question of how to limit the use of limited commands?

Let's take a look.

The code is as follows:

Ls-l / home/sky/

Total 28

Drwxr-xr-x 2 root root 4096 11-09 10:34 bin

Drwxr-xr-x 2 root root 4096 11-09 10:34 dev

Drwxr-xr-x 3 root root 4096 11-09 10:34 etc

Drwxr-xr-x 5 root root 4096 11-10 20:34 home

Drwxr-xr-x 2 root root 4096 11-09 10:34 lib

Drwxr-xr-x 2 root root 4096 11-09 10:34 lib64

Drwxr-xr-x 7 root root 4096 11-09 10:34 usr

# now you understand that you only need to delete the files in the bin directory, then the user cannot use the corresponding command [/ code]

Use jailkit to establish a restricted SSH account

SSH Tunnel is a very useful thing, such as creating a SSH tunnel:

The code is as follows:

Ssh-qTfnN-D 7070 user_name@host_home

However, when sharing the SSH account, it is found that if the directory of the SSH user is not restricted, all the files on the server will be glanced over. After searching, we found the chroot tool jailkit. Allows administrators to set up a dedicated user to provide SSH Tunnel services to prevent them from seeing files on the server.

First set home/jail (or other directories) to the jail directory

[/ code]

Mkdir / log

Jk_init-v-j / log basicshell ssh jk_ LSH [/ code]

Create users and add them to jail

The code is as follows:

Useradd onlinelog

Passwd onlinelog

Jk_jailuser-m-j / log-s / bin/bash onlinelog

Jk_cp-v-k-f-j / log / usr/bin/tail

Jk_cp-v-k-f-j / log / usr/bin/vim

Jk_cp-v-k-f-j / log / usr/bin/id

Start jailkit

The code is as follows:

Service jailkit start

On how to install jailkit in the Linux system to share here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.