Running Apache in chroot jail

Dan Egli ddavidegli at gmail.com
Tue Oct 14 23:45:39 MDT 2014


Sounds interesting. Got a URL? I think I may have heard mention of Docker
on the list before, but don't recall it's web site address.

Thanks for the tip!
--- Dan

On Tue, Oct 14, 2014 at 12:16 AM, Ken Jordan <ken.w.jordan at gmail.com> wrote:

> You may want to look into Docker then if you're jailing everything.
> Docker is pretty much AWESOME. It's designed to run applications in a
> sandbox environment. Any command/daemon you can think of will probably
> run inside a Docker container. I'm not great with it myself, but if
> you take about 15 minutes and read the introductory docs you will see
> this is what you're really looking for.
>
> Ken Jordan
> ken.w.jordan at gmail.com
>
>
> On Tue, Oct 14, 2014 at 1:09 AM, Dan Egli <ddavidegli at gmail.com> wrote:
> > Hey plug folks,
> > I was wondering if anyone had any good URLs for how-to's or FAQs that
> > explain how to run Apache in a chroot jail. I'm in process of going
> through
> > my server configuration and moving everything possible into a chroot jail
> > for the extra security. The way I figure it, if someone does manage to
> hack
> > into my SMTP server, or my IMAP server, or something like that, then at
> > worst they get access to whatever is in that location, but don't get
> access
> > to anything critical. I'm guessing it reduces the likelihood of someone
> > using my system as a jumping point for spam or other hacks.
> >
> > I've got the basic setup worked out for my mail servers and my DNS
> server.
> > The only other open TCP port on this machine (besides 22 for ssh,
> > obviously) is http/80. I know Apache has a module for running things in a
> > chroot environment (mod_root?) but I've never used it, nor until just
> > recently tried to migrate things to a chroot environment. So I'm looking
> > for documents that show the process.
> >
> > Any suggestions are welcome. Basically I'm trying to minimize the
> exposure
> > in case someone does try to hack me. :)
> >
> > --- Dan
> >
> > /*
> > PLUG: http://plug.org, #utah on irc.freenode.net
> > Unsubscribe: http://plug.org/mailman/options/plug
> > Don't fear the penguin.
> > */
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
>


More information about the PLUG mailing list