# gzip -d zlib-1.2.3.tar.gz
# tar -xf zlib-1.2.3.tar
# ./configure && make && make install
# gzip -d openssh-4.2p1-chroot.tar.gz
# tar -xf openssh-4.2p1-chroot.tar
# ./configure && make && make install
# ssh -V
OpenSSH_4.2-chrootsshp1, OpenSSL 0.9.7a Feb 19 2003
# ldd /bin/bash
        linux-gate.so.1 =>  (0xffffe000)
        libtermcap.so.2 => /lib/libtermcap.so.2 (0x005a4000)
        libdl.so.2 => /lib/libdl.so.2 (0x00468000)
        libc.so.6 => /lib/tls/libc.so.6 (0x0031a000)
        /lib/ld-linux.so.2 (0x00301000)
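# Register sftp-server as a permitted login shell; the setup-chroot script
# assigns this path to each jailed account with `useradd -s`.
# The line is appended only when it is not already present, so running this
# step again does not pile up duplicate entries in /etc/shells.
grep -qxF -- "/usr/local/libexec/sftp-server" /etc/shells \
  || echo "/usr/local/libexec/sftp-server" >> /etc/shells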
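#!/bin/bash
# setup-chroot: build a per-user jail under /data/lockhome/NAME and create an
# SFTP-only account whose home directory lives inside it.
#
# USAGE: setup-chroot NAME [PASS]          (example from the page: setup-chroot bob bob)
#   NAME  login name (first argument).
#   PASS  initial password (second argument). When omitted, the password is
#         read from standard input instead.
#         SECURITY: a password passed as an argument is visible to other local
#         users in the process list and is kept in shell history; prefer stdin.
#
# Must run as root: it calls mknod, useradd and passwd.
#
# NOTE(review): this procedure targets the chroot-patched OpenSSH 4.2p1 built
# earlier on the page. Later OpenSSH releases ship built-in `ChrootDirectory`
# and `internal-sftp` support, which removes the need for a patched sshd and a
# hand-populated jail; prefer that on any current system.

# Fixed locale: predictable character classes below and predictable ldd output.
export LC_ALL=C

die() {
  printf 'setup-chroot: %s\n' "$*" >&2
  exit 1
}

[ "$#" -ge 1 ] || die "usage: setup-chroot NAME [PASS]"
NAME=$1

# NAME is spliced into paths that root creates and into an /etc/passwd lookup,
# so accept only a conservative login-name alphabet: no '/', no '.', no
# whitespace, no leading '-' that a command could mistake for an option.
case "$NAME" in
  '' | [!A-Za-z_]* | *[!A-Za-z0-9_-]*)
    die "invalid user name: $NAME"
    ;;
esac

if [ "$#" -ge 2 ]; then
  PASS=$2
else
  # read returns non-zero on input without a trailing newline even though it
  # stored the text, so its status is ignored and emptiness is checked below.
  IFS= read -r -s -p "Password for $NAME: " PASS || :
  [ -t 0 ] && echo >&2
fi
[ -n "$PASS" ] || die "empty password refused"

JAIL="/data/lockhome/$NAME"

# CREATE INITIAL FOLDERS
mkdir -p "$JAIL/$NAME" || die "cannot create $JAIL/$NAME"
# Every relative path below depends on this cd; abort rather than populate
# whatever directory the script happened to be started from.
cd "$JAIL" || die "cannot enter $JAIL"
mkdir -p etc bin lib usr/bin dev usr/local/bin usr/local/libexec \
  || die "cannot create jail directories"

# Device nodes the jailed processes expect. Mode 666 is set explicitly because
# root's umask would otherwise leave them unwritable for the jailed user.
[ -e dev/null ] || mknod -m 666 dev/null c 1 3 || die "mknod dev/null failed"
[ -e dev/zero ] || mknod -m 666 dev/zero c 1 5 || die "mknod dev/zero failed"

# Copy one absolute path into the jail (the current directory), keeping its
# directory layout. The original passed cp the option --reply=yes, which newer
# GNU coreutils no longer accept; plain cp already overwrites without asking.
copy_into_jail() {
  local src=$1
  mkdir -p "./$(dirname "$src")" && cp -v "$src" "./$src"
}

# COPY IN WANTED BINARIES AND RELATED LIBRARIES
for bin in /bin/bash /usr/local/libexec/sftp-server /bin/ls /bin/mkdir \
  /bin/mv /bin/rm /bin/rmdir; do
  copy_into_jail "$bin" || die "cannot copy $bin into the jail"

  # ldd exits non-zero for anything that is not a dynamic executable; in that
  # case there are no libraries to copy.
  if deps=$(ldd "$bin"); then
    # Keep only real absolute paths: the target of "name => /path (addr)" lines
    # and the bare loader line "/lib/ld-linux.so.2 (addr)". Entries such as
    # "linux-gate.so.1 => (0xffffe000)" have no file behind them and are skipped.
    printf '%s\n' "$deps" \
      | awk '$2 == "=>" { if ($3 ~ /^\//) print $3; next }
             $1 ~ /^\//  { print $1 }' \
      | while IFS= read -r lib; do
        copy_into_jail "$lib" \
          || printf 'setup-chroot: warning: could not copy %s\n' "$lib" >&2
      done
  fi
done

# TIDY UP AND DO CREDENTIALS
# bin/sh -> ./bash, resolved relative to the jail's bin directory.
ln -sf ./bash bin/sh

# Seed the jail's passwd file with root's entry only. The comparison is on the
# whole login field, so accounts that merely begin with "root" are not copied.
awk -F: '$1 == "root"' /etc/passwd > etc/passwd \
  || die "cannot write $JAIL/etc/passwd"

# CREATE USER
# The "/./" component in the home path is the marker the chroot-patched sshd
# is expected to treat as the jail root - confirm against the patch's notes.
/usr/sbin/useradd -s /usr/local/libexec/sftp-server -m \
  -d "$JAIL/./$NAME/$NAME" "$NAME" || die "useradd failed for $NAME"

# passwd --stdin is a Red Hat extension. printf with a quoted argument hands
# the password over unmodified (no word splitting, no glob expansion).
printf '%s\n' "$PASS" | passwd --stdin "$NAME" || die "passwd failed for $NAME"

# Copy exactly this account's line into the jail. An anchored-prefix grep for
# "bob" would also copy "bobby" and leak other accounts' entries.
awk -F: -v user="$NAME" '$1 == user' /etc/passwd >> "$JAIL/etc/passwd"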
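# Rebuild the chroot-patched OpenSSH tree with the sftplogging patch applied.
# "x.x" is the page's placeholder for the OpenSSH version actually unpacked.
#
# NOTE(review): the patch is fetched over plain HTTP and applied to code that
# is then installed as root, so nothing here proves the file is the one its
# author published. Before running patch, compare the download with a checksum
# obtained over a trusted channel, for example:
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  openssh-x.x.sftplogging-v1.4.patch" | sha256sum -c -
#
# The steps are chained so that a failed download, or a patch that does not
# apply cleanly, stops the sequence instead of building and installing a tree
# in an unknown state. The exit status of `make clean` is deliberately ignored
# (there may be nothing to clean), as in the original sequence.
cd openssh-x.x-chroot \
  && wget http://sftplogging.sourceforge.net/download/v1.4/openssh-x.x.sftplogging-v1.4.patch \
  && { make clean; patch < openssh-x.x.sftplogging-v1.4.patch; } \
  && ./configure \
  && make \
  && make install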
# vi /usr/local/etc/sshd_config

Now make sure the file contains the following section (these settings work for me; tweak them to fit your needs):

LogSftp yes
#SftpLogfacility # Default is AUTH, see /etc/syslog.conf for more info
SftpLogLevel DEBUG3 # Default is INFO
#SftpUmask # Set a global umask for sftp
SftpPermitChmod yes # Allow, or disallow chmod
SftpPermitChown yes # Allow, or disallow chown/chgrp

# /etc/init.d/sshd restart
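# Create the log socket path inside the jail.
# CHROOT_JAIL must hold the jail root built by setup-chroot, i.e.
# /data/lockhome/<user>. It is taken from a variable because the literal text
# "/<chroot jail>/dev/log" would be parsed by the shell as two redirections
# ("< chroot" and "> /dev/log") rather than as a single path.
# NOTE(review): presumably this exists so the jailed sftp-server can reach
# syslog for the LogSftp messages; a socket path with no syslog daemon
# listening on it records nothing - confirm how syslog is pointed at it.
chroot_jail="${CHROOT_JAIL:?set CHROOT_JAIL to the jail root, e.g. /data/lockhome/USERNAME}"
mksock "${chroot_jail}/dev/log"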