
安裝jailkit實作chroot安裝jailkit實作chroot日志審計

安裝jailkit實作chroot

搭建簡易堡壘機 - jailkit chroot

源碼包安裝jailkit

注意：下面的 make install 是以 root 身分執行的，下載後、編譯前應先核對源碼包的完整性（若官方有提供校驗值或簽名，請與之比對）。

[root@localhost src]# cd /usr/local/src/
[root@localhost src]# wget https://olivier.sessink.nl/jailkit/jailkit-2.19.tar.bz2
[root@localhost src]# tar -jxvf jailkit-2.19.tar.bz2
[root@localhost src]# cd jailkit-2.19/
[root@localhost jailkit-2.19]# yum install gcc -y
[root@localhost jailkit-2.19]# ./configure
[root@localhost jailkit-2.19]# make
[root@localhost jailkit-2.19]# make install           

建立虛拟系統的根目錄,初始化指令,會在虛拟系統的根目錄下生成一些目錄

[root@localhost jailkit-2.19]# mkdir /home/jail
[root@localhost jailkit-2.19]# jk_init -v -j /home/jail/ basicshell
[root@localhost jailkit-2.19]#  jk_init -v -j /home/jail/ editors
[root@localhost jailkit-2.19]#  jk_init -v -j /home/jail/ netutils
[root@localhost jailkit-2.19]# jk_init -v -j /home/jail/ ssh
[root@localhost jailkit-2.19]# cd /home/jail/
[root@localhost jail]# ls
bin  dev  etc  lib64  usr           

建立系統使用者并設定密碼

注意：範例中的密碼與使用者名稱相同，僅供示範；實際環境應使用強密碼，且不要把密碼直接寫在指令列上（會留在 shell 歷史記錄中）。

[root@localhost jail]# useradd aling;echo "aling"|passwd --stdin aling           

拷貝虛拟系統的shell檔案

[root@localhost jail]# mkdir /home/jail/usr/sbin
[root@localhost jail]# cp /usr/sbin/jk_lsh /home/jail/usr/sbin/jk_lsh           

建立虛拟系統使用者

[root@localhost jail]# jk_jailuser -m -j /home/jail/ aling           

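将虛拟使用者的shell改為/bin/bash

注意：GNU sed 會把下面的 `-ir` 解讀成 `-i` 加上備份後綴 `r`，並不會啟用 `-r`，且會在 jail 內多留一份 /home/jail/etc/passwdr；兩個選項應分開寫成 `-i -r`。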

[root@localhost jail]# sed -ir '/^aling/s@/usr/sbin/jk_lsh@/bin/bash@' /home/jail/etc/passwd           
vim /etc/ssh/sshd_config
PasswordAuthentication no

注意：停用密碼登入後只能用金鑰等其他方式驗證，因此須先為使用者部署好公鑰；修改後需重新載入 sshd 才會生效。

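vim /etc/hosts.allow
# 允許哪些ip
sshd: 192.168.221.0/24

vim /etc/hosts.deny
# 除了允許ip之外的ip都拒絕
sshd: ALL

注意：這兩個檔案只把行首的 # 視為註解，說明文字須獨立成行，不可接在規則後面；另外 hosts.allow/hosts.deny 只有在 sshd 帶有 TCP Wrappers（libwrap）支援時才會生效，否則應改用防火牆或 sshd_config 本身的限制。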

日志審計

[root@apenglinux-002 ~]# mkdir /usr/local/records
[root@apenglinux-002 ~]# chmod 777 /usr/local/records
[root@apenglinux-002 ~]# chmod +t /usr/local/records           
[root@apenglinux-002 ~]# vim + /etc/profile  //在最後追加如下
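# Per-user command log: every time bash draws a prompt, append one line
# "<timestamp> ##### <user tty host> #### <last command>" to
# /usr/local/records/<login name>/bash_history.
#
# NOTE(review): this is a convenience record, not a tamper-proof audit trail.
# The directory is created by, and owned by, the account being logged (mode
# 300), so that account can remove or rewrite the file, and PROMPT_COMMAND /
# HISTORY_FILE can be changed inside the session. Where accountability
# matters, pair it with a record the logged account cannot alter (for example
# auditd, or forwarding to a remote log host).
if [ ! -d "/usr/local/records/${LOGNAME}" ]; then
    mkdir -p "/usr/local/records/${LOGNAME}"
    # write + search only: the owner can append to a known file name but
    # cannot list the directory
    chmod 300 "/usr/local/records/${LOGNAME}"
fi

# When the parent directory is world-writable (mode 1777), a directory named
# after this account may already exist under someone else's ownership; say so
# instead of silently logging into it.
if [ ! -O "/usr/local/records/${LOGNAME}" ]; then
    printf '%s\n' "warning: /usr/local/records/${LOGNAME} is missing or not owned by the current user; command log location is untrusted" >&2
fi

export HISTORY_FILE="/usr/local/records/${LOGNAME}/bash_history"

# The timestamp is produced by its own date call and the command text is
# passed to printf as an argument, so a '%' typed by the user is logged
# literally instead of being interpreted as a date format. read -r keeps
# backslashes in the logged command intact.
export PROMPT_COMMAND='{ printf "%s ##### %s #### %s\n" "$(date "+%Y-%m-%d %T")" "$(who am i | awk "{print \$1\" \"\$2\" \"\$5}")" "$(history 1 | { read -r x cmd; printf "%s\n" "$cmd"; })"; } >>"$HISTORY_FILE"'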
[root@apenglinux-002 ~]# source /etc/profile           
