Adding Files and Dependencies to Chroot Jail

When adding files to the chroot jail, keep in mind the idea is to limit what goes into the jail as much as possible. With every file you add, determine if the file is absolutely necessary for the environment or if it is being added for convenience. Always go through whatever extra steps are necessary to ensure that no shortcuts are taken and that the jail truly contains only what it needs.

What should exist in the environment is a simplified copy of the regular file system. It will at least have the following folders and probably more, depending on the daemons running in the chrooted environment:

/chroot/daemon name/bin
/chroot/daemon name/dev
/chroot/daemon name/etc
/chroot/daemon name/lib
/chroot/daemon name/var
/chroot/daemon name/var/run

Having said that, be cognizant of the purpose of the jail and never add files or functionalities that would aid in escaping the jail. There is no point in having a chroot jail stocked with all of the functionality necessary to escape. Adhere to the following guidelines:

• Never put a compiler in the jail, as it will almost certainly be used for no good.

• Never put a Perl interpreter in the jail, as it is essentially a compiler.

• Never have sudo in the chroot jail, as it entirely defeats the purpose of chrooting.

• Ensure that none of the executables and dependencies in the jail are vulnerable to any kind of exploit, as a vulnerable binary could allow attackers to escape the jail.

• Don't include anything that must run as root to operate.

• Don't include anything that uses SUID.

• Prevent any writing or modification to the environment, if possible.
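The following script is an added example, not part of the original article, showing how the procedure above fits together: it creates the directory skeleton listed earlier, copies a daemon binary into the jail together with the shared libraries that ldd reports for it (kept at their original absolute paths so the dynamic loader finds them inside the jail), and then audits the jail against the guidelines, flagging SUID/SGID files and any compiler, Perl interpreter or sudo that slipped in. The jail path and the daemon path are placeholders you supply on the command line; the names checked by the audit (gcc, cc, perl, sudo) are an assumed starting list, not an exhaustive one.

```shell
#!/bin/sh
# Added example (not from the original article): populate and audit a chroot
# jail. Usage: sh jail.sh /chroot/daemon_name /usr/sbin/daemon [more binaries]
# With no arguments the script only defines the functions.

# Directory skeleton from the article: bin dev etc lib var var/run
make_skeleton() {
    jail=$1
    for d in bin dev etc lib var var/run; do
        mkdir -p "$jail/$d"
    done
}

# Copy one executable into the jail along with every shared library that
# ldd reports for it. Paths are preserved relative to the jail root so the
# dynamic loader resolves them at the same location once chrooted.
copy_with_deps() {
    jail=$1
    bin=$2
    mkdir -p "$jail$(dirname "$bin")"
    cp "$bin" "$jail$bin"
    # A statically linked binary, or a host without ldd, has nothing to copy.
    command -v ldd >/dev/null 2>&1 || return 0
    ldd "$bin" 2>/dev/null | grep -o '/[^ ]*' | while read -r lib; do
        [ -f "$lib" ] || continue
        mkdir -p "$jail$(dirname "$lib")"
        cp "$lib" "$jail$lib"
    done
    return 0
}

# Audit the jail against the guidelines: no SUID or SGID files, no compiler,
# no Perl interpreter, no sudo. Prints each offending path; returns 1 if any.
# The list of names is an assumption; extend it for your environment.
audit_jail() {
    jail=$1
    bad=$(find "$jail" -type f \( -perm -4000 -o -perm -2000 \
          -o -name gcc -o -name cc -o -name perl -o -name sudo \) 2>/dev/null)
    if [ -n "$bad" ]; then
        printf 'unsafe file in jail:\n%s\n' "$bad"
        return 1
    fi
    return 0
}

if [ "$#" -ge 2 ]; then
    root=$1
    shift
    make_skeleton "$root"
    for b in "$@"; do
        copy_with_deps "$root" "$b"
    done
    audit_jail "$root"
fi
```

Run the audit again whenever a file is added to the jail, not just once at build time: every extra library pulled in by ldd is a candidate for the "is it really necessary?" question the article poses, and a SUID bit or stray interpreter is easiest to catch before the daemon is started inside the jail. Device nodes under dev and configuration under etc are outside the scope of this script and still have to be created deliberately by hand.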
