We live in an environment where hackers are always attempting to get access to our server’s data and configuration. One of the ways to prevent that is by using the DNS jail or chroot. It is a pseudo-root above which users cannot climb in the directory structure.
The administrator's task is to make sure these services are installed and configured properly so they are not compromised.
Describe each of the three advantages and provide a screenshot or description of each. You may need to search the public web using a search engine like Google or Bing to find screenshots of systems with different services. Cite any sources you use in APA format; this includes sources for any screenshots that are not your own.
When responding to your peers’ posts, describe your initial thoughts on the best advantage over the other system’s services they posted. Note any major similarities or differences you notice between the different services.
First, how does it work? When one types /sbin/chroot directory_name on the UNIX system command line, one sees that the new root is now 'directory_name' (the /bin/ls / command produces the listing of files from 'directory_name', presuming that you have an 'ls' command located within your new root). The chroot shell command changes the root directory for a process, goes into this directory and then starts a shell or a user-specified command.
The chroot command uses the chroot() system call. The command and the system call have an important difference between them: unlike the shell command, the chroot() call does not change your working directory to the one inside the chrooted jail. The source of chroot.c (the shell command, part of sh-utils on Linux) shows the following sequence of system calls:
As will be seen further, it will allow for easy chroot jail breaking.
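The working-directory difference described above, as an added example that is not the source of chroot.c and not code from the original text: a daemon calling chroot() itself has to move into the jail explicitly. The names jail_enter() and JAIL_*, the sample id 65534, and the privilege drop after the chroot are assumptions of this sketch; Linux with glibc is assumed.

```c
/* Added example, not the source of chroot.c: jail_enter() and the JAIL_*
 * codes are hypothetical names. Linux/glibc is assumed. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes chroot() and setgroups() in glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

enum jail_status {
    JAIL_OK = 0,
    JAIL_BAD_ID,     /* refused: caller asked to keep uid or gid 0 */
    JAIL_CHDIR,      /* could not enter the jail directory */
    JAIL_CHROOT,     /* chroot() failed (requires root) */
    JAIL_CHDIR_ROOT, /* could not move to the new "/" */
    JAIL_DROP_PRIVS  /* could not drop root, or root was regainable */
};

enum jail_status jail_enter(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return JAIL_BAD_ID;
    /* Enter the directory first: chroot() alone leaves the working
     * directory where it was, possibly outside the new root. */
    if (chdir(dir) != 0)
        return JAIL_CHDIR;
    if (chroot(".") != 0)
        return JAIL_CHROOT;
    if (chdir("/") != 0)
        return JAIL_CHDIR_ROOT;
    /* Groups first, uid last: changing groups still needs root. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return JAIL_DROP_PRIVS;
    if (setuid(0) == 0) /* the drop must be irreversible */
        return JAIL_DROP_PRIVS;
    return JAIL_OK;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s JAIL_DIR\n", argv[0]);
        return 2;
    }
    /* 65534 is a constructed sample id ("nobody" on many systems). */
    enum jail_status st = jail_enter(argv[1], 65534, 65534);
    printf("jail_enter(%s) -> %d\n", argv[1], (int)st);
    return st == JAIL_OK ? 0 : 1;
}
```

Run as root against a prepared jail directory, the program prints 0 on success; any other value identifies the step that failed, and the caller should exit rather than continue unconfined.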
Chroot is often used as a security measure. If one has ever used an anonymous FTP server, one has used chroot. The FTP server chroots itself into a special directory upon the anonymous FTP login. The DNS (Domain Name System) daemon BIND is often chrooted as well. People have also suggested chrooting telnet/ssh remote shell users into their corresponding home directories, so they can only update their web pages. Web servers can be run chrooted too. The smap secure email wrapper from the FWTK firewall toolkit runs chrooted to the mail spool directory. When chroot is implemented, programs running inside cannot access any system resources on the outside. Thus all system libraries, configuration files and even device files should be recreated within the chroot jail.
What daemons can be chrooted? If a daemon has to access files that are not easily collectible in one place, chrooting it will be hard. For example, sendmail needs the mail spool (/var/spool/mail), other files in the spool (such as mqueue), users' home directories (to check for .forward files) and system configuration files in /etc. There is no pl...