By Script Guru
2011
Jailkit Installation on Linux
Step by step instruction to install jailkit on Linux System
For Mr. Steve
Date: 18th January 2011
Document Version: 1.0
Created by: Script Guru
Jailkit Installation Guide For Linux
Document Version:
Sl. No Version Changes Written By
No
1 1.0 The 1st Draft Guideline of the Document Script Guru
Page -2
Jailkit Installation Guide For Linux
Contents
1. Introduction .......................................................................................................................................... 4
2. Notations............................................................................................................................................... 4
3. Prerequisites ......................................................................................................................................... 4
4. Assumptions .......................................................................................................................................... 5
5. Install the jailkit ..................................................................................................................................... 5
5.1. Download the source .................................................................................................................... 5
5.2. Extract and compile it ................................................................................................................... 5
5.3. Installation the jailkit .................................................................................................................... 5
6. Jailkit configuration files ....................................................................................................................... 6
7. Creating the Jail..................................................................................................................................... 6
8. Creating a jailed user with interactive shell .......................................................................................... 7
8.1. Create System user ....................................................................................................................... 7
8.2. Migrate the user to jail ................................................................................................................. 7
9. Testing user login with putty ................................................................................................................ 7
10. Addition new commands for jailed users ......................................................................................... 8
Page -3
Jailkit Installation Guide For Linux
1. Introduction
This document is a step by step guideline prepared for marlon4 to install jailkit on a Linux
system. This guide should be used as-it-is. It doesn’t guarantee to be usable for any future
Linux because of the nature of the changes in the distribution. However it’s tested in almost
all current modern Linux irrespective of the distribution.
Normally it takes ten minutes or less to install the all the steps described in the document
by any normal caliber system admin. However, it’s recommended to follow the steps
carefully and confirm that the steps completed successfully without any error.
2. Notations
Below notations are used throughout the document to distinguish the texts and their
purposes.
Notation Function Example
Aa Verdana font to write the general texts. Jailkit Installation Guide
For Mr. Steve
# Hash sign to mean the root prompt of the #make
console.
$ Dollar sign to mean the non-root prompt of $ls –l
the console
Diagonal Gradient of lighter red colored box $reboot
to represent command input Courier New
font is being used.
Diagonal Gradient of lighter blue colored box
Xyz abc deleted
to represent command output or content of a successfully
file. Courier New font is being used.
Italic Italic font to highlight any key word The jailkit bin directory must
reside ….
Italic Italic underlined line to emphasize the Don’t delete the /jailroot
importance of the text. folder
3. Prerequisites
There are some prerequisites before proceeding to the installation. They are:
a. Source of jailkit should be downloaded first before starting to installation. You can
download jailkit from http://olivier.sessink.nl/jailkit/index.html#download
b. You have the root privileges of the system.
c. A C compiler (preferred gcc) and make are installed properly along with necessary
libraries.
Page -4
Jailkit Installation Guide For Linux
d. Other general Linux utilities like tar, gzip etc are installed and readily available in
the path.
4. Assumptions
Below assumptions are made while follow this guide and instructions:
a. The source of jailkit are kept in /soft folder. Means create a folder named soft in /
folder, download jailkit from http://olivier.sessink.nl/jailkit/index.html#download.
b. You can edit/create any file in the Linux system.
c. You have general understanding of Linux system administration including user
add/remove, how chroot environment works, file utilities etc. Though this is not a
prerequisites to understand and execute the steps described in this document, it will
help you to better understand the commands and effects.
d. The jail folder that we want to put all users is /jailroot. You can use any, of course.
e. The name of the user we want to put in jail is steve.
5. Install the jailkit
5.1. Download the source
Jailkit can be downloaded in bzip2 format or gzip format. Here we are taking bzip2 file.
Make sure you have write permission in /soft folder.
$ cd /soft
$ wget http://olivier.sessink.nl/jailkit/jailkit-2.13.tar.bz2
5.2. Extract and compile it
This portion of the document is very straight forward and simple. Just follow the
instruction:
$ cd /soft
$ tar jxf jailkit-2.13.tar.bz2
$ cd jailkit-2.13
$ ./configure
$ make
5.3. Installation the jailkit
We are expecting no error occurred in above steps. If any error occurs we will need to fix it
accordingly, based on error type and description. We didn’t need the root privilege for any
of the above steps, but Installation requires root privileges.
Page -5
Jailkit Installation Guide For Linux
# cd /soft/jailkit-2.13
# make install
6. Jailkit configuration files
Jailkit installs necessary configuration files in /etc/jailkit folder. File name starts with jk_
prefix. So, if we refer to any configuration file we hope you will get it in /etc/jailkit folder.
Good part is that we are not going to change any of the configuration file right at this
moment. But later on we may need to change them. Below table tells about the
configuration files and their purpose:
Sl. No. File name Purpose
1 jk_check.ini Describes the security parameters to be checked with jk_check
utility.
2 jk_chrootsh.ini Configuration file to instruct jk_chrootsh about the jail settings
of the user.
3 jk_init.ini One of the very critical file for jailkit tools. It tells the jk_init
how to create the chroot jail. The default configuration is OK for
32bit environment. But may need to update for 64bit Linux.
4 jk_lsh.ini This is the configuration file for jail shell jk_lsh.
5 jk_socketd.ini This file defines how the log socket daemon jk_socketd will
treat.
6 jk_uchroot.ini Stores the settings to grant regular users the right to change
root into certain directories; used by jk_uchroot program.
7 jk_update.ini Describes how the jail will be reconfigured if any change
happens in the real system. Used by jk_update, which normally
runs in a cron.
7. Creating the Jail
Creating the jail folder is very straight forward. But we may need to configure something to
make sure which command sets we will need to add inside the jail. Please check the
configuration file jk_init.ini to decide which sets you like. The sets are defined in [ ]. You can
create your own sets. The formats are defined details in jk_init man page.
[basicshell]
comment = bash based shell with several basic utilities
paths = /bin/sh, bash, ls, cat, chmod, mkdir, cp, cpio, date, dd, echo, egrep,
users = root
groups = root
[ssh]
comment = ssh secure shell
paths = ssh
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/tty, /dev/null Page -6sample.
Jk_init.ini file content
Jailkit Installation Guide For Linux
Let’s say we have decided to add basic shell commands (basicshell set), some editors
(editors set) and network utilities (netutils set) for our jail.
Issue below command as root to create the jail. Remember that we have decided in our
assumptions that our jail is /jailroot.
# jk_init -v -j /jailroot basicshell editors netutils
Great, now our jail folder is ready to host jailed users.
8. Creating a jailed user with interactive shell
As we discussed we will use steve as the jailed user.
8.1. Create System user
Now simply create a system user, steve, with the shell /usr/sbin/jk_chrootsh. Then set a
password for steve.
# useradd –g users –d /home/steve –s /usr/sbin/jk_chrootsh steve
# passwd steve
Depending on your Linux distribution and useradd command version, you may need to add –m option
after –d </home/username> to create the home directory.
8.2. Migrate the user to jail
Now we will migrate steve to the jail so that he is always restricted to the jailroot folder.
# jk_jailuser -m -j /jailroot -v -s /bin/bash steve
The command will also move the home folder from system to the jail folder. You will see some changes
in /etc/passwd and /jailroot/etc/passwd files.
…
sifat:x:1000:100::/home/sifat:/bin/bash /etc/passwd file content sample.
joomla:x:1001:100::/var/www/htdocs/Joomla:/bin/bash
steve:x:1009:100::/jailroot/./home/steve:/usr/sbin/jk_chrootsh
….
You can see the home folder of steve is now changed /jailroot/./home/steve which means jk_chrootsh
program will consider that /jailroot will be the chroot for steve and his home will be /home/steve in the
/jailroot folder.
9. Testing user login with putty
Now open any login client that your system supports. We prefer putty client. Connect putty with your
system and login with steve with proper credential. Try issuing some commands you will feel that you
are now under the jail.
Page -7
Jailkit Installation Guide For Linux
10. Addition new commands for jailed users
Very often you will need to add commands for the jailed users which are available to non-jailed users.
Issue jk_cp command for properly adding the command. Simply copying them will not be enough for
you because there may have some other dependency. Let say we want to add /custom/command
command for the jail user we will have to follow:
# jk_cp -j /jailroot –v /custom/command
Now /custom/command will be available for any jailed user.
Page -8