Date: Tue, 21 Dec 2004 14:33:48 +0100
From: DanGer
To: Nigel Houghton, freebsd-security@freebsd.org
Subject: Re[2]: chroot-ing users coming in via SSH and/or SFTP?

Hi Nigel,

Monday, December 20, 2004, 11:19:29 PM, you wrote:

> On 0, Brett Glass allegedly wrote:
>> At 02:23 PM 12/20/2004, Nigel Houghton wrote:
>>
>> >Is there something wrong with using the scponly shell for the users?
>>
>> Mainly that I hadn't heard of it until you mentioned it. ;-)
>> Thank you! (I knew I could get a quick answer, if there was one,
>> from the list.)

> aha, ok, good.

>> I just tried building it (twice, because the first time I didn't
>> realize that it required a special variable to be defined before
>> it would set itself up to chroot users). I'll be testing it shortly
>> to be sure that the "jails" created by its sample script (which
>> creates both the user ID and the jail) have everything needed for
>> FreeBSD.
>>
>> It'd be nice if there were a more centralized "chroot" facility
>> that covered SSH, FTP, and other things as well.
>>
>> --Brett

> Take a look at the Jail project, you'll find it here...

> http://www.jmcresearch.com/projects/jail/

> ..and in ports/sysutils/ along with some other jail tools, it may
> provide some of the features you are looking for.

> +-----------------------------------------------------------------+
> Nigel Houghton      Research Engineer       Sourcefire Inc.
>                 Vulnerability Research Team

> Stewie: You know, I rather like this God fellow. Very theatrical,
>         you know. Pestilence here, a plague there. Omnipotence
>         ...gotta get me some of that.

maybe somebody should port this:
http://chrootssh.sourceforge.net/index.php
it seems good :-)

-- 
Sincerely
DanGer
DanGer@IRCnet ICQ261701668
http://danger.rulez.sk
FreeBSD: The Power To Serve