Christian Koller

Jailkit Installation:

# wget http://ftp.belnet.be/packages/dries.ulyssis.org/fedora/fc5/i386/RPMS.dries/jailkit-2.1-1.fc5.rf.i386.rpm
# wget http://dries.ulyssis.org/rpm/RPM-GPG-KEY.dries.txt
# rpm --import RPM-GPG-KEY.dries.txt
# yum install jailkit-2.1-1.fc5.rf.i386.rpm
Is this ok [y/N]: y

jk_init anpassen:

# vi /etc/jailkit/jk_init.ini
[scp]
comment = ssh secure copy
executables = /usr/bin/scp
includesections = netbasics, uidbasics
devices = /dev/urandom

[sftp]
comment = ssh secure ftp
executables = /usr/bin/sftp, /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, /usr/lib/misc/sftp-server, /usr/libexec/sftp-server
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/null

[jk_lsh]
comment = Jailkit limited shell
executables = /usr/sbin/jk_lsh
regularfiles = /etc/jailkit/jk_lsh.ini
users = root
groups = root
need_logsocket = 1
includesections = uidbasics

Verzeichnis anlegen:

# mkdir /home/sftp_USERNAME/
# jk_init -v /home/sftp_USERNAME/ sftp scp jk_lsh

Den Benutzer ins Jail kopieren

# jk_jailuser -m -j /home/sftp_USERNAME/ USERNAME

Überprüfen sie:

cat vi /etc/passwd
USERNAME:x:512:48:share.iecw.net:/home/sftp_USERNAME/./home/USERNAME:/usr/sbin/jk_chrootsh

cat vi /home/sftp_USERNAME/etc/passwd
USERNAME:x:512:48:share.iecw.net:/home/USERNAME:/usr/sbin/jk_lsh

Bearbeiten sie die Jail LSH Einstellungen

# vi /home/sftp_USERNAME/etc/jailkit/jk_lsh.ini 
[USERNAME]
paths= /usr/bin, /usr/lib/, /usr/libexec/openssh/
executables= /usr/bin/scp, /usr/bin/sftp, /usr/libexec/openssh/sftp-server

Zur Sicherheit sollten sie das Jail regelmässig überprüfen:

# vi /home/jk_check.ini
[/home/sftp_USERNAME/]
ignorepathoncompare = /home/sftp_USERNAME/etc

# jk_check -c /home/jk_check.ini jail

Weiteres: