Preparing PHP to work in jail - ApacheIn this conclusion to a six-part series on Apache configuration and installation, you will learn how to use chroot to put Apache in jail, how to prepare PHP to work in jail, and more. This article is excerpted from chapter two of Apache Security, written by Ivan Ristic (O'Reilly; ISBN: 0596007248). Copyright © 2006 O'Reilly Media, Inc. All rights reserved. Used with permission from the publisher. Available from booksellers or direct from O'Reilly Media.
print this article SEARCH DEV SHED |
To make PHP work in jail, you should install it as normal. Establish a list of shared libraries required and copy them into the jail: # ldd /chroot/apache/usr/local/apache/ libexec/libphp4.so Some of the libraries are already in the jail, so skip them and copy the remaining libraries (shown in bold in the previous output): # cp /lib/libresolv.so.2 /chroot/apache/lib One problem you may encounter with a jailed PHP is that scripts will not be able to send email because the sendmail binary is missing. To solve this, change the PHP configuration to make it send email using the SMTP protocol (to localhost or some other SMTP server). Place the following in the php.ini configuration file: SMTP = localhost Preparing Perl to work in jail To make Perl work, copy the files into the jail: # cp -dpR /usr/lib/perl5 /chroot/apache/usr/lib Determine the missing libraries: # ldd /chroot/apache/bin/perl Then add them to the libraries that are inside: # cp /lib/libutil.so.1 /chroot/apache/lib
blog comments powered by Disqus |
Containing Intrusions in Apache
