For security reasons you may need to find out the current working directory of a process. You can obtain this information by inspecting /proc/pid/cwd or by using the pwdx command. The pwdx command reports the current working directory of a process or processes.
Yesterday I wrote about increasing the local port range with the net.ipv4.ip_local_port_range proc file. There is also the /proc/sys/kernel/pid_max file, which specifies the value at which PIDs wrap around (i.e., the value in this file is one greater than the maximum PID). The default value for this file, 32768, results in the same range of PIDs as on earlier kernels (<= 2.4). The value in this file can be set to any value up to 2^22 (PID_MAX_LIMIT, approximately 4 million).
A chroot jail lets you run a command or service such as http / mysql / postfix with a special root directory, i.e. chroot changes the root directory for the application. The biggest benefit is that a service re-rooted to another directory cannot access files outside that directory. Basically, you are placing the service in a sandbox. Chrooting offers the following 2 benefits:
[a] Service Isolation
[b] Privilege Separation
But how do you find out whether a service / server is chrooted or not under Linux?
Simply run ls -ld command on /proc/MAIN-PID/root directory.
For example, to find out whether httpd is chrooted or not (PID 23456), run the ls command:
ls -ld /proc/23456/root
lrwxrwxrwx 1 root root 0 Sep 10 02:52 /proc/23456/root -> /wwwdata
Find out if postfix is chrooted or not (PID 4645):
ls -ld /proc/4645/root
lrwxrwxrwx 1 root root 0 Sep 10 02:59 /proc/4645/root -> /
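PID 4645 points to / (root), i.e. the root directory for the application has not been changed and it is not chrooted. In the httpd example the link points to /wwwdata, so that process is chrooted there. This is a quick and dirty way to find out whether an application is chrooted or not without opening configuration files.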
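The same /proc/PID/root check applied to every running process at once, as an added example that is not part of the original post. The function names and the optional proc-directory argument are assumptions made here for illustration and testing.

```shell
#!/bin/sh
# Added example: list every process whose root directory is not "/".
# Function names and the optional PROCDIR argument are illustrative.

# chroot_status PID [PROCDIR]
# Prints "not-chrooted", "chrooted:<dir>" or "unknown" (link unreadable,
# e.g. the process exited or belongs to another user and we are not root).
chroot_status() (
    link="${2:-/proc}/$1/root"
    root=$(readlink "$link" 2>/dev/null) || { echo unknown; exit 2; }
    case $root in
        /) echo "not-chrooted" ;;
        *) echo "chrooted:$root" ;;
    esac
)

# scan_chrooted [PROCDIR]
# Prints "PID COMMAND ROOT" for each chrooted process; the number of
# processes that could not be inspected is reported on stderr.
scan_chrooted() {
    procdir=${1:-/proc}
    skipped=0
    for d in "$procdir"/[0-9]*; do
        [ -d "$d" ] || continue
        pid=${d##*/}
        status=$(chroot_status "$pid" "$procdir") || {
            skipped=$((skipped + 1))
            continue
        }
        case $status in
            chrooted:*)
                name=$(cat "$d/comm" 2>/dev/null) || name='?'
                printf '%s %s %s\n' "$pid" "$name" "${status#chrooted:}"
                ;;
        esac
    done
    [ "$skipped" -eq 0 ] || echo "$skipped process(es) unreadable" >&2
    return 0
}

# Scan the live system.
scan_chrooted
```

Run it as root; otherwise the root links of other users' processes cannot be read and are only counted as unreadable.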