Results 1 to 6 of 6
  1. #1
    Join Date
    Jan 2011
    Posts
    91

    Centos How i build a chroot for Postfix/Mysql/Apache

    Hello

    I use Centos 5.4 on an Vserver.
    Now i want try to make the mail-server(postfix/Dovecot/clamav/etc.) in an own Jail/chroot.
    The Mysql in an own Jail/chroot, and apache with modsecurity in an own Jail/chroot.

    I search with goole but i dont find the right answer.

    How i build an chroot?
    How i find out what files must be copy in the chroot?
    After copy files in chroot can i deinstall the program than in main system?
    thanks

  2. #2
    Join Date
    Mar 2010
    Location
    Germany
    Posts
    681
    there's an easy and a hard way.
    it feels too much to explain the hard way (using ldd to build the most minimal chroot)

    the easy way would be to use the --root option for rpm to install stuff into the to-be-chroot instead of the base system.
    note that doesn't work using yum, that means the next little hurdle is that you'll have to manually add a lot of rpms to this chroot. start with the one callled "setup" and "filesystem" and also look for the utility "pkgorder" from anaconda-runtime.

    Err yeah, and expect it to take a few days till you got it done.

    Last:
    - If I were you I'd go and try to use FreeBSD jails instead.
    - CentOS 5.4 is horribly outdated.



    edit: i wonder if there's a script to do all that, but i unfortunately don't know it. "rpmstrap" is the closest to this that I know of.
    Check out my SSD guides for Samsung, HGST (Hitachi Global Storage) and Intel!

  3. #3
    Join Date
    Mar 2010
    Location
    Germany
    Posts
    681
    And a moment later I remembered that I used to do chroot installs with Yum...

    Found this and I think it will work for you.
    http://prefetch.net/articles/yumchrootlinux.html

    The difference between yum and rpm chrooting is that with rpm you can disable dependencies and get a really really small chroot, wheres using yum means something a little larger.

    rgds
    Flo
    Check out my SSD guides for Samsung, HGST (Hitachi Global Storage) and Intel!

  4. #4
    Join Date
    Jan 2011
    Posts
    91
    Danke für deine Hilfe.
    What makes FreeBSD easyer for building an chroot?

  5. #5
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,750
    You can use mod_chroot for chroot apache environment.
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  6. #6
    Join Date
    Mar 2010
    Location
    Germany
    Posts
    681
    Quote Originally Posted by Slatko View Post
    Danke für deine Hilfe.
    What makes FreeBSD easyer for building an chroot?
    The effort is about the same, but you get more from it - instead of a plain chroot you use jails where even root processes are heavily restricted.

    But hmm, just try the yum chroot for a start and then see if you need more.

    mod_chroot is probably just moving the apache process to a different directory after start, which is not as robust.
    But far better than (i guess) 70% of apache installs.
    Check out my SSD guides for Samsung, HGST (Hitachi Global Storage) and Intel!

Similar Threads

  1. Remove Apache, Bind, Sendmail, Postfix, FTP/POP3 in CentOS 5.2
    By hausjellp in forum Hosting Software and Control Panels
    Replies: 3
    Last Post: 09-22-2008, 07:02 AM
  2. Lighty + chroot jail tutorial on CentOS?
    By Teckinno in forum Hosting Security and Technology
    Replies: 10
    Last Post: 04-18-2007, 03:04 PM
  3. Hardware recomendations: Apache with PHP and Tomcat, Perl, MySQL and Postfix
    By cuerty in forum Hosting Security and Technology
    Replies: 4
    Last Post: 04-03-2004, 02:43 PM
  4. Apache+PHP+MySQL+GD build script available
    By LinuxGroup in forum Hosting Security and Technology
    Replies: 13
    Last Post: 02-21-2002, 07:32 AM
  5. Apache+PHP+MySql+GD Build script
    By LinuxGroup in forum Web Hosting Lounge
    Replies: 4
    Last Post: 02-19-2002, 01:44 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •