Home arrow Apache arrow Page 3 - Putting Apache in Jail

Preparing PHP to work in jail - Apache

In this conclusion to a six-part series on Apache configuration and installation, you will learn how to use chroot to put Apache in jail, how to prepare PHP to work in jail, and more. This article is excerpted from chapter two of Apache Security, written by Ivan Ristic (O'Reilly; ISBN: 0596007248). Copyright © 2006 O'Reilly Media, Inc. All rights reserved. Used with permission from the publisher. Available from booksellers or direct from O'Reilly Media.

TABLE OF CONTENTS:
  1. Putting Apache in Jail
  2. Finishing touches for Apache jail preparation
  3. Preparing PHP to work in jail
  4. Taking care of small jail problems
  5. Using mod_security or mod_chroot
By: O'Reilly Media
Poor Best
Rating: starstarstarstarstar / 2
January 31, 2008

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

To make PHP work in jail, you should install it as normal. Establish a list of shared libraries required and copy them into the jail: 

  # ldd /chroot/apache/usr/local/apache/ libexec/libphp4.so
      libcrypt.so.1 => /lib/libcrypt.so.1 (0x006ef000)
       libresolv.so.2 => /lib/libresolv.so.2 (0x00b28000)
       libm.so.6 => /lib/tls/libm.so.6 (0x00111000)
       libdl.so.2 => /lib/libdl.so.2 (0x00472000)
       libnsl.so.1 => /lib/libnsl.so.1 (0x00f67000)
       libc.so.6 => /lib/tls/libc.so.6 (0x001df000)
       /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x00494000)

Some of the libraries are already in the jail, so skip them and copy the remaining libraries (shown in bold in the previous output):

  # cp /lib/libresolv.so.2 /chroot/apache/lib
  # cp /lib/libnsl.so.1 /chroot/apache/lib

One problem you may encounter with a jailed PHP is that scripts will not be able to send email because the sendmail binary is missing. To solve this, change the PHP configuration to make it send email using the SMTP protocol (to localhost or some other SMTP server). Place the following in the php.ini configuration file:

  SMTP = localhost

Preparing Perl to work in jail

To make Perl work, copy the files into the jail:

  # cp -dpR /usr/lib/perl5 /chroot/apache/usr/lib
  # mkdir /chroot/apache/bin
  # cp /usr/bin/perl /chroot/apache/bin

Determine the missing libraries:

  # ldd /chroot/apache/bin/perl 
           libperl.so => /usr/lib/perl5/5.8.1/i386-linux-thread-multi
  /CORE/libperl.so (0x0067b000)
           libnsl.so.1 => /lib/libnsl.so.1 (0x00664000)
           libdl.so.2 => /lib/libdl.so.2 (0x0060b000)
           libm.so.6 => /lib/tls/libm.so.6 (0x005e7000)
           libcrypt.so.1 => /lib/libcrypt.so.1 (0x00623000)
          libutil.so.1 => /lib/libutil.so.1 (0x00868000)
          libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00652000) 
           libc.so.6 => /lib/tls/libc.so.6 (0x004ac000)
           /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x00494000)

Then add them to the libraries that are inside:

  # cp /lib/libutil.so.1 /chroot/apache/lib
  # cp /lib/tls/libpthread.so.0 /chroot/ apache/lib



 
 
>>> More Apache Articles          >>> More By O'Reilly Media
 

blog comments powered by Disqus
   

APACHE ARTICLES

- Apache Unveils Cassandra 1.2
- Apache on ARM Chips? Dell and Calxeda Help M...
- The Down Side of Open Source Software
- VMware Unveils Serengeti for Apache Hadoop
- SAP Takes Steps to Improve Hadoop Integration
- Looking to Hone Apache Hadoop Skills?
- How to Install Joomla on WAMPP
- Working with XAMPP and Wordpress
- GUI Available for Apache Camel
- Reduce Server Load for Apache and PHP Websit...
- Creating a VAMP (Vista, Apache, MySQL, PHP) ...
- Putting Apache in Jail
- Containing Intrusions in Apache
- Server Limits for Apache Security
- Setting Permissions in Apache
Find More Apache Articles

Developer Shed Affiliates

 

© 2003-2013 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap

Dev Shed Tutorial Topics: