Running Apache in chroot jail

Ken Jordan ken.w.jordan at gmail.com
Tue Oct 14 01:16:44 MDT 2014


You may want to look into Docker then if you're jailing everything.
Docker is pretty much AWESOME. It's designed to run applications in a
sandbox environment. Any command/daemon you can think of will probably
run inside a Docker container. I'm not great with it myself, but if
you take about 15 minutes and read the introductory docs you will see
this is what you're really looking for.

Ken Jordan
ken.w.jordan at gmail.com


On Tue, Oct 14, 2014 at 1:09 AM, Dan Egli <ddavidegli at gmail.com> wrote:
> Hey plug folks,
> I was wondering if anyone had any good URLs for how-to's or FAQs that
> explain how to run Apache in a chroot jail. I'm in process of going through
> my server configuration and moving everything possible into a chroot jail
> for the extra security. The way I figure it, if someone does manage to hack
> into my SMTP server, or my IMAP server, or something like that, then at
> worst they get access to whatever is in that location, but don't get access
> to anything critical. I'm guessing it reduces the likelihood of someone
> using my system as a jumping point for spam or other hacks.
>
> I've got the basic setup worked out for my mail servers and my DNS server.
> The only other open TCP port on this machine (besides 22 for ssh,
> obviously) is http/80. I know Apache has a module for running things in a
> chroot environment (mod_root?) but I've never used it, nor until just
> recently tried to migrate things to a chroot environment. So I'm looking
> for documents that show the process.
>
> Any suggestions are welcome. Basically I'm trying to minimize the exposure
> in case someone does try to hack me. :)
>
> --- Dan
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */


More information about the PLUG mailing list