Jailkit
About Jailkit
Jailkit is a set of utilities to enhance the possibilities of chroot jails. Jailkit contains a set of tools and config files to automate the deployment of chroot jails. Jailkit also contains various tools to limit user accounts to specific files or specific commands, configured from a config file. Setting up a chroot shell, a shell limited to some specific command, or a daemon inside a chroot jail is a lot easier and can be automated using these utilities.
Jailkit is a specialized set of tools that is developed with a focus on security. It will abort in a secure way if the configuration, the system setup or the environment is not 100% secure, and it will send useful log messages that explain what is wrong to syslog.
Jailkit is very stable software with a very stable and high quality codebase. It is known to be used in network security appliances from several leading IT security firms, internet servers from several large enterprise organizations, internet servers from internet service providers, as well as many smaller companies and private users that need to secure cvs, sftp, shell or daemon processes.
Home Page
https://olivier.sessink.nl/jailkit/
Download
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.22.tar.gz
tar xvfz jailkit-2.22.tar.gz
cd jailkit-2.22
Prepare Dependencies (Debian)
apt install build-essential autoconf automake1.11 libtool flex bison debhelper binutils-gold python -y
Install
echo 5 > debian/compat
./debian/rules binary
cd ..
dpkg -i jailkit_2.22-1_amd64.deb
Remove used files
rm -rf /tmp/jailkit*
Add User/Jail
mkdir -p /home/jails/USERFOLDER
jk_init -v /home/jails/USERFOLDER ssh sftp basicshell jk_lsh bash editors extendedshell scp rsync ...
jk_jailuser -m -j /home/jails/USERFOLDER USR
Add apps to jail
jk_cp -v -j /home/jails/USERFOLDER /usr/bin/id
SSH modification
#define username to apply chroot jail to
#Match group ssh-users
Match user USER
#specify chroot jail
#ChrootDirectory /home/jail
ChrootDirectory /home/jails/USER
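sshd refuses a ChrootDirectory unless every component of the path is a root-owned directory that is not writable by group or others. The script below is an added example (not from the original page or from Jailkit) that checks a jail path against that rule before sshd is reloaded; the function names component_ok and check_chroot_path are hypothetical, and it assumes GNU stat as shipped on Debian.

```shell
#!/bin/sh
# Added example: pre-flight check for a path used as sshd ChrootDirectory.
# /home/jails/USERFOLDER is the page's placeholder; pass the real jail path.

# component_ok UID MODE
# Succeeds only if the owner is root (uid 0) and the octal MODE, as printed
# by "stat -c %a", has neither the group-write (020) nor other-write (002) bit.
component_ok() {
    uid=$1
    mode=$2
    [ "$uid" = "0" ] || return 1
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# check_chroot_path DIR
# Walks from DIR up to / and prints one FAIL line per component that sshd
# would reject. Returns 0 if the whole chain is acceptable, 1 if any
# component fails, 2 if DIR is not an absolute path.
check_chroot_path() {
    dir=$1
    rc=0
    case $dir in
        /*) ;;
        *) echo "not an absolute path: $dir" >&2; return 2 ;;
    esac
    while :; do
        if [ ! -d "$dir" ]; then
            echo "FAIL $dir: not a directory"
            rc=1
        else
            # GNU stat: %u = numeric owner, %a = octal permission bits.
            set -- $(stat -c '%u %a' "$dir")
            if ! component_ok "$1" "$2"; then
                echo "FAIL $dir: owner uid=$1 mode=$2"
                rc=1
            fi
        fi
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# Run the check when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

A FAIL line is usually fixed with chown root:root and chmod 755 on the named directory; the user's own home directory inside the jail is not part of the checked chain and stays owned by the user.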
FStab modification
# create dev folder
mkdir -p /home/jails/USERFOLDER/dev/pts
# chroot USER bind
/ORIGINAL_DEFAULT_FOLDER/ /home/jails/USERFOLDER/DESTINATION_FOLDER none bind 0 0
/dev/pts /home/jails/USERFOLDER/dev/pts none defaults,bind 0 0