wiki:experiences:igraltist:jail_apache2
Releases
Current version
Git/Latestdiff: 1.5.6
Latest Snapshots
Produced after each commit or rebase to new upstream version
GIT
RSBAC source code, can be unstable sometimes
Events
No events planned
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
wiki:experiences:igraltist:jail_apache2 [2008/07/12 07:07] 127.0.0.1 (old revision restored) |
wiki:experiences:igraltist:jail_apache2 [2008/07/14 04:39] 127.0.0.1 (old revision restored) |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| This is the modified apache2 init-script | This is the modified apache2 init-script | ||
| - | diff -u apache2_orginal apache2 | + | <code bash> |
| - | --- apache2_orginal 2008-07-01 14:33:17.000000000 +0200 | + | --- apache2_orginal 2008-07-01 14:33:17.000000000 +0200 |
| - | +++ apache2 2008-07-02 18:11:08.000000000 +0200 | + | +++ apache2 2008-07-02 18:11:08.000000000 +0200 |
| - | @@ -115,6 +115,8 @@ | + | @@ -115,6 +115,8 @@ |
| - | fi | + | fi |
| - | done | + | done |
| - | fi | + | fi |
| - | + echo "sleeping a bit, otherwise the port is blocking from dieing apache" | + | + echo "sleeping a bit, otherwise the port is blocking from dieing apache" |
| - | + sleep 2 | + | + sleep 2 |
| - | } | + | } |
| - | # Stupid hack to keep lintian happy. (Warrk! Stupidhack!). | + | |
| - | @@ -126,7 +128,9 @@ | + | # Stupid hack to keep lintian happy. (Warrk! Stupidhack!). |
| - | #ssl_scache shouldn't be here if we're just starting up. | + | @@ -126,7 +128,9 @@ |
| - | [ -f /var/run/apache2/ssl_scache ] && rm -f /var/run/apache2/*ssl_scache* | + | #ssl_scache shouldn't be here if we're just starting up. |
| - | log_begin_msg "Starting web server (apache2)..." | + | [ -f /var/run/apache2/ssl_scache ] && rm -f /var/run/apache2/*ssl_scache* |
| - | - if $APACHE2CTL start; then | + | log_begin_msg "Starting web server (apache2)..." |
| - | +# if $APACHE2CTL start; then | + | - if $APACHE2CTL start; then |
| - | + $ENV run-jail apache2 /usr/sbin/apache2ctl start | + | +# if $APACHE2CTL start; then |
| - | + if [ "$?" -eq 0 ]; then | + | + $ENV run-jail apache2 /usr/sbin/apache2ctl start |
| - | log_end_msg 0 | + | + if [ "$?" -eq 0 ]; then |
| - | else | + | log_end_msg 0 |
| - | log_end_msg 1 | + | else |
| - | @@ -148,7 +152,9 @@ | + | log_end_msg 1 |
| - | fi | + | @@ -148,7 +152,9 @@ |
| - | log_begin_msg "Reloading web server config..." | + | fi |
| - | if pidof_apache; then | + | log_begin_msg "Reloading web server config..." |
| - | - if $APACHE2CTL graceful $2 ; then | + | if pidof_apache; then |
| - | + $ENV run-jail apache2 /usr/sbin/apache2ctl graceful reload | + | - if $APACHE2CTL graceful $2 ; then |
| - | + #if $APACHE2CTL graceful $2 ; then | + | + $ENV run-jail apache2 /usr/sbin/apache2ctl graceful reload |
| - | + if [ "$?" -eq 0 ]; then | + | + #if $APACHE2CTL graceful $2 ; then |
| - | log_end_msg 0 | + | + if [ "$?" -eq 0 ]; then |
| - | else | + | log_end_msg 0 |
| - | log_end_msg 1 | + | else |
| - | @@ -160,7 +166,9 @@ | + | log_end_msg 1 |
| - | if ! apache_sync_stop; then | + | @@ -160,7 +166,9 @@ |
| - | log_end_msg 1 | + | if ! apache_sync_stop; then |
| - | fi | + | log_end_msg 1 |
| - | - if $APACHE2CTL start; then | + | fi |
| - | + $ENV run-jail apache2 /usr/sbin/apache2ctl start | + | - if $APACHE2CTL start; then |
| - | + if [ "$?" -eq 0 ]; then | + | + $ENV run-jail apache2 /usr/sbin/apache2ctl start |
| - | +# if $APACHE2CTL start; then | + | + if [ "$?" -eq 0 ]; then |
| - | log_end_msg 0 | + | +# if $APACHE2CTL start; then |
| - | else | + | log_end_msg 0 |
| - | log_end_msg 1 | + | else |
| + | log_end_msg 1 | ||
| + | </code> | ||
| + | <code bash> | ||
| + | ; | ||
| + | ; RSBAC JAIL definition for apache2 | ||
| + | ; 20060502 | ||
| + | ; | ||
| + | ; Tested by: | ||
| + | ; Fuleki Miklos (RAk) | ||
| + | ; Peter Busser (peter) | ||
| + | ; Robert Penz (robert) | ||
| + | ; igraltist on debian | ||
| + | ; | ||
| + | "" | ||
| + | "0.0.0.0" | ||
| + | (allow-dev-read | ||
| + | allow-dev-write | ||
| + | allow-all-net-family | ||
| + | allow-inet-raw | ||
| + | private-namespace) | ||
| + | (setuid | ||
| + | setgid | ||
| + | net-bind-service | ||
| + | kill) | ||
| + | (sysctl) | ||
| + | (rlimit) | ||
| + | </code> | ||
| - | ; | + | <code bash> |
| - | ; RSBAC JAIL definition for apache2 | + | /etc/init.d/apache2 start |
| - | ; 20060502 | + | Starting web server (apache2)... |
| - | ; | + | This is execute now: |
| - | ; Tested by: | + | rsbac_jail -d -D -n -r -N -C SETUID SETGID NET_BIND_SERVICE KILL -G sysctl -M rlimit /usr/sbin/apache2ctl start |
| - | ; Fuleki Miklos (RAk) | + | </code> |
| - | ; Peter Busser (peter) | + | |
| - | ; Robert Penz (robert) | + | |
| - | ; | + | |
| - | "" | + | |
| - | "0.0.0.0" | + | |
| - | (allow-dev-read | + | |
| - | allow-dev-write | + | |
| - | allow-all-net-family | + | |
| - | allow-inet-raw | + | |
| - | private-namespace) | + | |
| - | (setuid | + | |
| - | setgid | + | |
| - | net-bind-service | + | |
| - | kill) | + | |
| - | (sysctl) | + | |
| - | (rlimit) | + | |
| - | + | ||
| - | + | ||
| - | + | ||
| - | /etc/init.d/apache2 start | + | |
| - | Starting web server (apache2)... | + | |
| - | This is execute now: | + | |
| - | rsbac_jail -d -D -n -r -N -C SETUID SETGID NET_BIND_SERVICE KILL -G sysctl -M rlimit /usr/sbin/apache2ctl start | + | |
wiki/experiences/igraltist/jail_apache2.txt · Last modified: 2008/07/14 04:39 by 127.0.0.1