This little issue screwed up my wordpress install, which I was able to work around (as far as I can tell, anyways) by changing the reference in the config file from “localhost” to 127.0.0.1, but I’m not sure if this will adversely affect me anywhere else down the line.

Any ideas on fixing this?

Thanks for the tutorial! It helped me a lot!
Any tips on getting fam to work with lighttpd?

Copying /lib and /lib64 certainly seems quicker than running ldd for every executable I want to bring into the jail. So why is the ldd approach the only one I’ve seen in ‘apache security’ and the like? Any thoughts? Maybe just to keep chroot size down?

Noop, we just copied libs no headers or compiler itself. Also, in order to upload or download file most attacker depends upon tools like wget or others. Under jail none of the binaries or headers available.

You can selectively copy files /lib64 such as resolvers by tracing used libs via ldd command.

HTH

I thought one of the main advantages of chrooting or jailing a server is that any attacker who compromises the server won’t be able to compile malicious code, due to not having the necessary libraries.

So, if you copy all of /lib64 and /usr/lib into the jail, including /lib64/gcc for instance, haven’t you sort of given an attacker, if not the key to the jail, then some equipment that can be used to create a key?

Database cannot be just synced using rsync or cp command. You need to dump mysql using mysqldump and import using mysql < db.dump.sql command. Rest of the stuff can be synced.

HTH

in the latest version of ubuntu (hardy) is an error before restarting lighttp (with the basic configuration):


2008-05-20 08:13:50: (server.c.908) Configuration of plugins failed. Going down.
2008-05-20 23:34:55: (log.c.75) server started
2008-05-20 23:34:55: (mod_compress.c.185) can't stat compress.cache-dir /var/cache/lighttpd/compress/ No such file or directory


To resolve simply run:

mkdir /webroot/var/cache/
mkdir /webroot/var/cache/lighttpd/
mkdir /webroot/var/cache/lighttpd/compress/


and then start lighttpd:


/etc/init.d/lighttpd start


Cannot load mcrypt check your PHP configuration

But, mcrypt is installed and i have moved all the files that i could find with mcrypt in their name, to the same locatio under /webroot, but with no effect. Anyone got a suggestion.
I am using the phpmyadmin so apperantly its not that bad, but it would be nice not to have errors in the setup ;)

1. Even though I have made a copy of hosts and resolv.conf to /webroot/etc/ I still cant use localhost to connect to the db. Works fine with 127.0.0.1, so its not really a big problem. And I have checked the hosts file, and localhost is in it.

2. I would like to install phpMyAdmin to manage the MySQL, but since I have never installed anything in a chroot jail before, I dont know how. I assume the apt-get install phpmyadmin will do me no good, since the web-server is not where it normally should be.

THX for the guide, tested on Ubuntu 7.10 (minimal) to be a complete no-brainer to follow. Just shut down your brain and copy-paste ;-)