
Building a Secure WebServer/MySQL with Chroot

정경주

                    
                

1 November 2003, DocBook Edit by pibonazi (at) hotmail.com : 3 November 2003


Copyright in this document belongs to the stated author. Distribution of the document is fully permitted, but you must obtain permission when the content needs correcting. Distributing an arbitrarily modified version of the document is punishable under copyright law. Typos and mistakes will not be corrected; I want to leave this as a Plat document. Read it well and build a secure server with chroot. Good luck~ :=).


1. Understanding Chroot

Chroot needs little explanation. I personally call it Change Root: it temporarily replaces the top-level directory. The man page describes it as follows.

NAME
	chroot  -  run  command  or interactive shell with special root directory
	

That is, the top-level directory of a Linux system is /. However, you can create a directory called /chroot and then switch that directory to be the top-level directory. That is chroot, and the glibc library provides a C function called chroot for it. The chroot binary is built on this function.

---------------------------------------------------------------------------
[root@localhost root]# ls -al /usr/sbin/chroot
-rwxr-xr-x    1 root     root        11232  2월 19  2003 /usr/sbin/chroot
[root@localhost root]#
---------------------------------------------------------------------------
	

However, if you point it at just any directory and try to switch, it will certainly fail. The directory has to contain certain things: at a minimum, the shell binary and every library the shell needs in order to run. It is also a good idea to put the necessary configuration files in. That is:

/chroot/bin
/chroot/etc
/chroot/lib
/chroot/usr
/chroot/tmp
/chroot/var
/chroot/dev
	

In this way you rebuild the directories and the files that are needed, just like a real Linux top-level directory. Does that make sense?

bin needs the Bourne shell (bash) we will use, plus the binaries that will be used inside the chroot, for example ls, cp, mv, rm, mkdir ....

etc only needs a handful of cloned files used solely inside the chroot: passwd, shadow, group, hosts ....

lib goes without saying. Every library file required by the binaries that will run after entering the chroot is copied here.

For usr, /usr/local/apache and /usr/local/mysql will keep the paths at which they are installed on the original system, so later on the files needed to run Apache and the database server are simply moved over as they are, whole directories included.

tmp needs nothing in it.

var is nothing special either; just create a run directory and a logs directory.

Finally, for dev, only the commonly used /dev/null (the null device) needs to be created, with mknod.

That completes the overview of chroot. To finish, let's take a quick look at the man page for the chroot C function introduced above.

# man 2 chroot
---------------------------------------------------------------------------
          CHROOT(2)            리눅스 프로그래머 메뉴얼           CHROOT(2)

          이름
                 chroot - 루트 디렉토리를 바꾼다.

          사용법
                 #include <unistd.h>

                 int chroot(const char *path);

---------------------------------------------------------------------------
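#include <stdio.h>
#include <unistd.h>

int main(void)
{
    int ret;

    /* chroot() needs root privileges; it returns 0 on success, -1 on failure */
    ret = chroot("/chroot");

    /* chroot() leaves the working directory untouched, so move into the new root */
    if (ret == 0) ret = chdir("/");

    if (ret == 0) printf("chroot 작동 성공\n");   /* "chroot succeeded" */
    else printf("chroot 작동 실패\n");            /* "chroot failed" */
    return ret == 0 ? 0 : 1;
}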
	

A simple piece of source like this is all it takes. On success the return value is 0; otherwise it returns -1. Anyone who knows C will be familiar with this. Let's move on.


2. Normal APM Installation

APM is short for Apache, PHP, MySQL.

	A = the freely available Apache web server ( uses port 80 )
	P = the freely available PHP web programming language ( made up of  )
	M = the freely available MYSQL database server ( uses port 3306 )
	

PHP runs on top of the Apache web server: the PHP module is loaded into Apache. As for MYSQL, its directory is given when PHP is configured; the PHP module sends queries to the MYSQL server, exchanges database information with it, and serves the result, suitably prepared, to the web visitors connected to the web server.

A site built this way appears on the web as http://domain/file.php, or php3 and so on; in some cases PHP script is embedded even in htm and html files and runs from there.

If you are not sure where this is used, here are some examples: web bulletin boards, membership services, file archives, shopping malls, mailing lists, guest books, and other web applications. Any netizen runs into these all the time.

I trust you now understand APM. There are countless manuals on installation, but to stay focused on its topic this document does not cover the server installation process. For installation, please read and follow a relevant book or the link below.

http://linux.co.kr/theme/pageview.html?ca=200101=28=apm=나만의%20웹서버%20꾸미기

From here on the document assumes that the Apache web server is installed in the /usr/local/apache directory and the MySQL database in /usr/local/mysql.


3. Cloned File System "BreakBreak"

I picked this title because it reminded me of 'Dolly the cloned sheep', which demonstrated our gene-cloning technology. Is it all right? BreakBreak (a very abstruse word: alien-speak. DocBook editor's note: alien-speak cannot be entered into the wiki. -_-;) ..;;

You may be wondering what this chapter is trying to cover with such lame humor. It is simple. As explained earlier for chroot, it is about rebuilding the directories and the files that are needed. This chapter goes through exactly which things have to be rebuilt.

I am writing this in the small hours, and doing everything again from scratch would make the writing take quite a while, so I will connect to a server I set up beforehand, capture its output, and explain it piece by piece.

Please bear with me ..

---------------------------------------------------------------------------
[root@koreasecurity /]# ls -al / | grep chroot
drwxr-xr-x   13 root     root         4096 10월 28 19:32 chroot
[root@koreasecurity /]#
---------------------------------------------------------------------------
	

It has the default permissions, 755, and is owned by root.

It was created with mkdir /chroot. This is the directory that chroot will turn into the top-level directory.

Now let's go into the /chroot directory and go over it one item at a time.

---------------------------------------------------------------------------
[root@koreasecurity /]# cd /chroot
[root@koreasecurity chroot]# ls
bin  dev  etc  home  lib  lost+found  root  sbin  tmp  usr  var
[root@koreasecurity chroot]# pwd
/chroot
[root@koreasecurity chroot]#
---------------------------------------------------------------------------
	

It is laid out just like a top-level directory.

Let's start with bin.

---------------------------------------------------------------------------
[root@koreasecurity chroot]# cd bin
[root@koreasecurity bin]# ls
arch        cut            gawk      ls             rm         touch
ash         date           gettext   mkdir          rmdir      true
ash.static  dd             grep      mknod          rpm        umount
awk         df             gtar      mktemp         rvi        uname
basename    dnsdomainname  gunzip    more           rview      unicode_start
bash        doexec         gzip      mount          sed        unicode_stop
bash2       domainname     hostname  mt             setfont    unlink
bsh         dumpkeys       igawk     mv             setserial  usleep
cat         echo           ipcalc    netstat        sh         vi
chgrp       ed             kbd_mode  nice           sleep      view
chmod       egrep          kill      nisdomainname  sort       ypdomainname
chown       env            link      pgawk          stty       zcat
cp          ex             ln        ps             sync
cpio        false          loadkeys  pwd            tar
csh         fgrep          login     red            tcsh
[root@koreasecurity bin]# pwd
/chroot/bin
[root@koreasecurity bin]#
---------------------------------------------------------------------------
	

As you can see, /bin has been copied over. Visitors who come in through the web have little use for these commands, so you may delete all but a few of them, but I left them in place for the sake of generality. The binaries here are the command binaries that will be used inside once chroot has turned /chroot into /.

Next, let's look at etc.

---------------------------------------------------------------------------
[root@koreasecurity bin]# cd ..
[root@koreasecurity chroot]# cd etc
[root@koreasecurity etc]# pwd
/chroot/etc
[root@koreasecurity etc]# ls
group  hosts  localtime  my.cnf  nsswitch.conf  passwd  resolv.conf  shadow
[root@koreasecurity etc]#
---------------------------------------------------------------------------
	

The files here are a few of the files in /etc, copied with the cp command. Here is what each one does.

	group : the file holding the list of groups that collect the users of the Linux system
	hosts : the file listing the IP address/domain/host name of the hosts known to the system
	localtime : appears to be the file that holds the local time. (I am not sure, blabla)
	my.cnf : the MYSQL configuration file (this one was not in /etc; it was created)
	nsswitch.conf : a configuration file related to the name-server switch. (probably not really needed)
	passwd : the file listing the Linux account information
	resolv.conf : the file listing the name servers the Linux box will use
	shadow : the file listing the encrypted (hashed) passwords of the accounts in the passwd file
	

That is roughly it. Of these files, give only shadow the permission 700 and leave all the others readable, as below.

---------------------------------------------------------------------------
[root@koreasecurity etc]# ls -al *
-rw-r--r--    1 root     root           53 10월 28 20:20 group
-rw-r--r--    1 root     root          147 10월 28 16:46 hosts
-rw-r--r--    1 root     root          152 10월 28 16:46 localtime
-rw-r--r--    1 root     root          218 10월 29 00:13 my.cnf
-rw-r--r--    1 root     root         1750 10월 28 16:46 nsswitch.conf
-rw-r--r--    1 root     root          130 10월 28 20:19 passwd
-rw-r--r--    1 root     root           88 10월 28 16:46 resolv.conf
-rw-------    1 root     root           47 10월 28 20:59 shadow
[root@koreasecurity etc]#
---------------------------------------------------------------------------
	

Before copying the files above, there are a few things we have to do first.

Creating the www (web service) account: the command that creates the account is as follows.

useradd -c "Apache Server" -u 80 -s /bin/bash -d /chroot/usr/local/apache/htdocs www
	

This creates an account with uid 80 and the shell /bin/bash (what will actually be used is /chroot/bin/bash). The real authentication system does not consult the account information inside the chroot, but the account is created because it needs to be copied in like this.

Then, after copying into /chroot/etc, you must delete every entry from the passwd, shadow and group files except the accounts that are needed (root, www, mysql). To delete, open the file in the vi editor; typing dd (pressing d twice) deletes one line at a time.

Let's check the result.

---------------------------------------------------------------------------
[root@koreasecurity etc]# ls
group  hosts  localtime  my.cnf  nsswitch.conf  passwd  resolv.conf  shadow
[root@koreasecurity etc]# cat passwd
root:x:0:0:root:/root:/bin/bash
www:x:80:80:Apache Server:/usr/local/apache:/bin/bash
mysql:x:500:500::/usr/local/mysql:/bin/bash
[root@koreasecurity etc]# cat shadow
www:!!:12353::::::
mysql:!!:12353:0:99999:7:::
[root@koreasecurity etc]# cat group
root:x:0:root
wheel:x:10:root
www:x:80:
mysql:x:500:
[root@koreasecurity etc]# cat my.cnf
[mysqld]
user=root
datadir=/usr/local/mysql/data
socket=/tmp/mysql.sock
skip-innodb

[client]
user=root
socket=/tmp/mysql.sock

[safe_mysqld]
err-log=/var/log/mysqld.log
pid-file=/usr/local/mysql/data/mysqld.pid

[root@koreasecurity etc]#
---------------------------------------------------------------------------
	

How does that look? The root entry was removed from the shadow file because it would expose root's encrypted password. Since this is not the real /etc/shadow, though, there is nothing to worry about. That completes the editing.

If you want more security, you can prevent tampering with these files by locking them with the chattr command once all the work is finished, that is, after all work on the files is done. Once that is done, as shown below, they cannot be deleted even by the root account unless they are unlocked with the chattr -i option. Only the root account can use chattr, but since that file (chattr) will not be copied into the chroot itself, an attacker who gets in through the web will not be able to delete them.

---------------------------------------------------------------------------
[root@koreasecurity etc]# ls
group  hosts  localtime  my.cnf  nsswitch.conf  passwd  resolv.conf  shadow
[root@koreasecurity etc]# chattr +i *
[root@koreasecurity etc]# rm -rf *
rm: cannot chdir from `.' to `group': 디렉토리가 아닙니다
rm: cannot chdir from `.' to `hosts': 디렉토리가 아닙니다
rm: cannot chdir from `.' to `localtime': 디렉토리가 아닙니다
rm: cannot chdir from `.' to `my.cnf': 디렉토리가 아닙니다
rm: cannot chdir from `.' to `nsswitch.conf': 디렉토리가 아닙니다
rm: cannot chdir from `.' to `passwd': 디렉토리가 아닙니다
rm: cannot chdir from `.' to `resolv.conf': 디렉토리가 아닙니다
rm: cannot chdir from `.' to `shadow': 디렉토리가 아닙니다
[root@koreasecurity etc]# ls
group  hosts  localtime  my.cnf  nsswitch.conf  passwd  resolv.conf  shadow
[root@koreasecurity etc]#
---------------------------------------------------------------------------
	

See? Not a single one is deleted.

That finishes etc; let's look at the next one.
---------------------------------------------------------------------------
[root@koreasecurity etc]# cd ..
[root@koreasecurity chroot]# cd dev
[root@koreasecurity dev]# ls -al
합계 12
drwxr-xr-x    2 root     root         4096 10월 28 21:45 .
drwxr-xr-x   13 root     root         4096 10월 28 19:32 ..
crw-rw-rw-    1 root     root       1,   3 10월 28 16:45 null
-rw-r--r--    1 root     root           16 10월 30 05:10 tty
[root@koreasecurity dev]# pwd
/chroot/dev
[root@koreasecurity dev]#
---------------------------------------------------------------------------
	

This is dev, the place where devices go. Basically only one device needs to be created: the null device. It lives at /dev/null, and because it is a device it cannot simply be copied; it has to be created with mknod.

Usage is simple.

---------------------------------------------------------------------------
[root@koreasecurity dev]# ls -al /dev/null
crw-rw-rw-    1 root     root       1,   3  8월 31  2002 /dev/null
[root@koreasecurity dev]#
---------------------------------------------------------------------------
	

As you can see, in the middle of the line it says (1, 3).

Read off these numbers and use them exactly as they are. (blabla)

---------------------------------------------------------------------------
[root@koreasecurity dev]# rm -rf null
[root@koreasecurity dev]# ls
tty
[root@koreasecurity dev]# mknod null 1 3
mknod: 인수의 개수가 잘못되었습니다
더 많은 정보를 얻으러면 `mknod --help'명령을 하십시오.
[root@koreasecurity dev]# mknod null c 1 3
[root@koreasecurity dev]# ls
null  tty
[root@koreasecurity dev]# ls -al
합계 12
drwxr-xr-x    2 root     root         4096 11월  1 02:37 .
drwxr-xr-x   13 root     root         4096 10월 28 19:32 ..
crw-r--r--    1 root     root       1,   3 11월  1 02:37 null
-rw-r--r--    1 root     root           16 10월 30 05:10 tty
[root@koreasecurity dev]#
---------------------------------------------------------------------------
	

So it takes three arguments. See the c bit at the front of the listing? I read that off and typed it in as well.

mknod null c 1 3
	

With that, the null device has been created too. The tty device does not have to be created deliberately; it is created when you log in to the chroot.

Next..

	
---------------------------------------------------------------------------
[root@koreasecurity dev]# cd ..
[root@koreasecurity chroot]# cd home
[root@koreasecurity home]# ls
[root@koreasecurity home]# ls -al
합계 8
drwxr-xr-x    2 root     root         4096 10월 28 16:35 .
drwxr-xr-x   13 root     root         4096 10월 28 19:32 ..
[root@koreasecurity home]#
---------------------------------------------------------------------------
	

The home directory is not really needed, because no actual account service will be run inside this chroot (you may delete this directory).

Next is the directory where the many library files are gathered.

---------------------------------------------------------------------------
[root@koreasecurity home]# cd ..
[root@koreasecurity chroot]# rmdir home
[root@koreasecurity chroot]# cd lib
[root@koreasecurity lib]# ls
ld-linux.so.2             libnss1_files-2.2.93.so  libnss_ldap.so.2
libacl.so.1               libnss1_files.so.1       libnss_nis-2.2.93.so
libattr.so.1              libnss1_nis-2.2.93.so    libnss_nis.so.1
libc.so.6                 libnss1_nis.so.1         libnss_nis.so.2
libcrypt.so.1             libnss_compat-2.2.93.so  libnss_nisplus-2.2.93.so
libdl.so.2                libnss_compat.so.1       libnss_nisplus.so.2
libexpat.so.0             libnss_compat.so.2       libpam.so.0
libexpat.so.0.3.0         libnss_dns-2.2.93.so     libpam_misc.so.0
libgcc_s.so.1             libnss_dns.so.1          libproc.so.2.0.7
libm.so.6                 libnss_dns.so.2          libpthread.so.0
libncurses.so.5           libnss_files-2.2.93.so   libresolv.so.2
libnsl.so.1               libnss_files.so.1        librt.so.1
libnss1_compat-2.2.93.so  libnss_files.so.2        libstdc++.so.5
libnss1_compat.so.1       libnss_hesiod-2.2.93.so  libtermcap.so.2
libnss1_dns-2.2.93.so     libnss_hesiod.so.2       libz.so.1
libnss1_dns.so.1          libnss_ldap-2.2.90.so
[root@koreasecurity lib]#
---------------------------------------------------------------------------
	

The lib (library) directory holds copies of the libraries that every binary running inside the chroot depends on. How to find out which library files are needed is covered in the next chapter. (In the chapter on libraries that ran away from home.. hehe)

The lost+found directory is not actually needed, but it was created anyway. (blabla)

The root directory imitates /root. It does no harm to leave it out, but it is there so that the chroot is not easily revealed to an attacker. Create it if you need it.

For the sbin directory, as with /bin, the tools that are needed were copied. If that is too much trouble, run cp -R /sbin /chroot and copy it wholesale.

Next, tmp is the directory for working with temporary files; just create it.

---------------------------------------------------------------------------
[root@koreasecurity chroot]# ls -al | grep tmp
drwxrwxrwt    2 root     root         4096 11월  1 01:47 tmp
[root@koreasecurity chroot]# cd tmp
[root@koreasecurity tmp]# ls
mysql.sock
[root@koreasecurity tmp]#
---------------------------------------------------------------------------
	

Create the directory with mkdir tmp, then set its permissions with chmod 1777 tmp. Here the 1 is the t (temp) bit shown at the end, and 777 is rwxrwxrwx. If the permissions are not rwxrwxrwx, mysql's temporary socket file, mysql.sock, is not created properly and an error occurs when the web server is started, so set the permissions correctly.

Ah.. there really are a lot of directories. (Explaining them is hard work.. ~_~)

The usr directory is where apache, mysql and so on go under usr/local, together with the libraries or include (header) files they need and the usr/bin files.

Shall we take a look? Pay attention ..

---------------------------------------------------------------------------
[root@koreasecurity tmp]# cd ..
[root@koreasecurity chroot]# cd usr
[root@koreasecurity usr]# ls
bin  include  lib  local  sbin  share
[root@koreasecurity usr]#
---------------------------------------------------------------------------
	

bin : a straight copy of usr/bin.

include : 
---------------------------------------------------------------------------
[root@koreasecurity usr]# pwd
/chroot/usr
[root@koreasecurity usr]# cd include
[root@koreasecurity include]# ls
mysql
[root@koreasecurity include]# cd mysql
[root@koreasecurity mysql]# ls
chardefs.h  m_ctype.h    my_net.h         mysql_com.h      sslopt-case.h
dbug.h      m_string.h   my_no_pthread.h  mysql_version.h  sslopt-longopts.h
errmsg.h    my_config.h  my_pthread.h     mysqld_error.h   sslopt-usage.h
history.h   my_global.h  my_sys.h         raid.h           sslopt-vars.h
keymaps.h   my_list.h    mysql.h          readline.h       tilde.h
[root@koreasecurity mysql]#
---------------------------------------------------------------------------
	

This include/mysql holds the header files created when mysql was installed; the originals are in /usr/include/mysql. Just copy them over as they are. They will come into use later, when writing C source that works with mysql.

lib :
---------------------------------------------------------------------------
[root@koreasecurity usr]# cd lib
[root@koreasecurity lib]# ls
mysql
[root@koreasecurity lib]# cd mysql
[root@koreasecurity mysql]# ls
libdbug.a    libmyisammrg.a     libmysqlclient.so.10      libnisam.a
libheap.a    libmysqlclient.a   libmysqlclient.so.10.0.0
libmerge.a   libmysqlclient.la  libmystrings.a
libmyisam.a  libmysqlclient.so  libmysys.a
[root@koreasecurity mysql]#
---------------------------------------------------------------------------
	

These are files that came with the mysql installation, copied over; they are the library files mysql needs in order to run. At install time they were in /usr/lib/mysql; copy them over as they are.

sbin : this directory, too, is simply /usr/sbin copied over as it is.

Finally, let's look at share.

---------------------------------------------------------------------------
[root@koreasecurity mysql]# cd ..
[root@koreasecurity include]# cd ..
[root@koreasecurity usr]# cd share
[root@koreasecurity share]# ls
man  man1  man2  man3  man4  man5  man6  man7  man8  man9  mann  mysql  pt_BR
[root@koreasecurity share]# cd mysql
[root@koreasecurity mysql]# ls
binary-configure  greek                     my-large.cnf        portuguese
charsets          hungarian                 my-medium.cnf       romanian
czech             italian                   my-small.cnf        russian
danish            japanese                  mysql-3.23.58.spec  slovak
dutch             korean                    mysql-log-rotate    spanish
english           make_binary_distribution  mysql.server        swedish
estonian          mi_test_all               norwegian           ukrainian
french            mi_test_all.res           norwegian-ny
german            my-huge.cnf               polish
[root@koreasecurity mysql]#
---------------------------------------------------------------------------
	

This is likewise a copy of /usr/share, the directory that holds shared files. It contains mysql-related shared files as well. Copy them over.

---------------------------------------------------------------------------
[root@koreasecurity mysql]# cd ..
[root@koreasecurity share]# cd ..
[root@koreasecurity usr]# cd local
[root@koreasecurity local]# ls
apache  bin  etc  include  k_sec  lib  mysql  share
[root@koreasecurity local]# pwd
/chroot/usr/local
[root@koreasecurity local]#
---------------------------------------------------------------------------
	

In usr/local, as mentioned, the default-installed /usr/local/apache directory and the mysql directory themselves were copied here, and the same goes for bin. The rest was copied too; the directories look like this.

---------------------------------------------------------------------------
[root@koreasecurity local]# cd etc
[root@koreasecurity etc]# ls
pear.conf
[root@koreasecurity etc]#
[root@koreasecurity etc]# cd ..
[root@koreasecurity local]# cd include
[root@koreasecurity include]# ls
php
[root@koreasecurity include]# cd php
[root@koreasecurity php]# ls
TSRM  Zend  acconfig.h  ext  main  regex
[root@koreasecurity php]#
[root@koreasecurity php]# cd ..
[root@koreasecurity include]# cd ..
[root@koreasecurity local]# cd lib
[root@koreasecurity lib]# ls
php
[root@koreasecurity lib]# cd php
[root@koreasecurity php]# ls
Archive  DB.php    Mail.php  PEAR        XML    doc          test
Console  HTTP.php  Net       PEAR.php    build  extensions
DB       Mail      OS        System.php  data   pearcmd.php
[root@koreasecurity php]# cd ..
[root@koreasecurity lib]# cd ..
[root@koreasecurity local]# pwd
/chroot/usr/local
[root@koreasecurity local]# cd share
[root@koreasecurity share]# pwd
/chroot/usr/local/share
[root@koreasecurity share]# ls
info  man
[root@koreasecurity share]# cd ..
[root@koreasecurity local]# cd ..
[root@koreasecurity usr]#
---------------------------------------------------------------------------
	

These were copied over in the same way. They are all files needed to run APM, so each was placed at the path where it is installed, treating /chroot as /. That makes sense, right?

Haha, getting through a single chapter is really hard work.. On to the next chapter ..


4. The Runaway Libraries

You entered with chroot (/chroot -> /), tried to run the executables, and got an error? Something in English about a library being missing. When that happens, you can take it that the library files have run away from home.

Ex) Because of the child who ran away, the family cannot sit around the table and enjoy a good dinner and is worrying instead. (family = executable, child = library file)

So how do we identify the library files, the children, and bring them back to home ground? In other words, which files in /lib or /usr/lib really have to be moved into /chroot/lib? That is the question. The answer is simple.

There is a tool called ldd.

ldd filename
	

Used like this, it shows the paths of all the library files that the file uses. So you just copy them, as needed. (It is a little tedious.)

---------------------------------------------------------------------------
[root@koreasecurity /]# ldd /bin/bash
        libtermcap.so.2 => /lib/libtermcap.so.2 (0x0012a000)
        libdl.so.2 => /lib/libdl.so.2 (0x0012f000)
        libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x00110000)
[root@koreasecurity /]# ldd /bin/ls
        libtermcap.so.2 => /lib/libtermcap.so.2 (0x0012a000)
        libacl.so.1 => /lib/libacl.so.1 (0x0012f000)
        libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
        libattr.so.1 => /lib/libattr.so.1 (0x00135000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x00110000)
[root@koreasecurity /]# ldd /bin/cp
        libacl.so.1 => /lib/libacl.so.1 (0x0012a000)
        libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
        libattr.so.1 => /lib/libattr.so.1 (0x00131000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x00110000)
[root@koreasecurity /]# ldd /bin/rm
        libacl.so.1 => /lib/libacl.so.1 (0x0012a000)
        libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
        libattr.so.1 => /lib/libattr.so.1 (0x00131000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x00110000)
[root@koreasecurity /]# ldd /bin/uname
        libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x00110000)
[root@koreasecurity /]#
---------------------------------------------------------------------------
	

Understand?

        libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
	

This line says that the library file at the path /lib/i686/libc.so.6 is needed. So run cp /lib/i686/libc.so.6 /chroot/lib and it is game over. Bringing the runaway libraries (the children) home one at a time is the real core of this tutorial.

Now everything is done.
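The ldd-and-copy step above, automated as an added example that is not part of the original article. The function names and the sample input are this example's own; unlike the cp command above, it keeps each library at its original path under the jail instead of flattening everything into /chroot/lib.

```shell
#!/bin/sh
# Added example: collect the libraries a chroot needs from `ldd` output.
# ldd_paths, ldd_missing, copy_into_jail and jail_deps are hypothetical names.
# Run ldd only on binaries you trust: ldd may execute the file it inspects.

# Constructed sample: the article's `ldd /bin/ls` output plus two edge cases.
SAMPLE_LDD='        libtermcap.so.2 => /lib/libtermcap.so.2 (0x0012a000)
        libacl.so.1 => /lib/libacl.so.1 (0x0012f000)
        libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
        libattr.so.1 => /lib/libattr.so.1 (0x00135000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x00110000)
        libexample.so.1 => not found
        linux-gate.so.1 =>  (0xffffe000)'

# Print every absolute library path in ldd output (stdin), once each.
ldd_paths() {
    awk '
        $2 == "=>" { if ($3 ~ /^\//) p = $3; else next }  # name => /path (addr)
        $2 != "=>" { if ($1 ~ /^\//) p = $1; else next }  # /path (addr): loader
        !seen[p]++ { print p }
    '
}

# Print the names ldd could not resolve ("name => not found").
ldd_missing() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# Copy each path read from stdin to the same location under the jail root.
# -L follows symlinks, so the jail receives a real file, not a dangling link.
copy_into_jail() {
    jail=$1
    while IFS= read -r src; do
        [ -f "$src" ] || { echo "skip (not a file): $src" >&2; continue; }
        mkdir -p "$jail$(dirname "$src")" || return 1
        cp -pL "$src" "$jail$src" || return 1
    done
}

# Usage: jail_deps /chroot /bin/bash /bin/ls ...
# Copies each binary and its libraries; stops if any library is unresolved.
jail_deps() {
    jail=$1; shift
    for bin in "$@"; do
        out=$(ldd "$bin") || { echo "ldd failed: $bin" >&2; return 1; }
        missing=$(printf '%s\n' "$out" | ldd_missing)
        [ -z "$missing" ] || { echo "$bin: unresolved: $missing" >&2; return 1; }
        { echo "$bin"; printf '%s\n' "$out" | ldd_paths; } |
            copy_into_jail "$jail" || return 1
    done
}

if [ $# -ge 2 ]; then
    jail_deps "$@"
else
    printf '%s\n' "$SAMPLE_LDD" | ldd_paths   # demo on the constructed sample
fi
```

Libraries loaded at run time (the libnss_* files in the /chroot/lib listing, for example) do not appear in ldd output and still have to be copied by hand.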


5. Starting the Servers

Now it is time to start the servers installed inside the chroot.

It is simple to do. Errors may occur during startup; in that case, please consult the manuals for the server to resolve them.

	Apache startup file : /chroot/usr/local/apache/bin/apachectl
	MySQL startup file : /chroot/usr/local/mysql/bin/safe_mysqld
	

That is where they are.

But once chroot has turned /chroot into / ..

	Apache startup file : /usr/local/apache/bin/apachectl
	MySQL startup file : /usr/local/mysql/bin/safe_mysqld
	

these become the paths. So it is simple.

Open the /etc/rc.local file in the vi editor and add the two lines below.

chroot /chroot /usr/local/apache/bin/apachectl start
chroot /chroot /usr/local/mysql/bin/safe_mysqld &
	

Save the file and reboot the system. On reboot the command lines above are run: the top-level directory is switched to the /chroot directory, then the Apache web server is started, and the mysql daemon likewise. Note that the system as a whole is not inside it; only those two started processes run under the illusion that /chroot is /. ?-.- They are the ones being fooled.. (babo)

So starting the servers is not hard either.

Syslog and the like are left out of this document.


6. Is It Really Secure?

Not sure whether it is really secure? In general, however someone gets in through the web, to break into the system they will try to run commands in a shell as the web account (www). So, if these intruding hackers or PTs ..

cat /etc/passwd 
	

issue that command, what happens? Will the real /etc/passwd be shown, or /chroot/etc/passwd?

The latter, of course, because the Apache web server is running in the belief that /chroot is /. So the list of important accounts is not exposed.

And even if they work hard (?? hacking) and get hold of the /etc/shadow file, it is of no use to them. Why? Because what they actually get is /chroot/etc/shadow... sob sob..

Likewise, since important data will not be kept in here, a break-in is of no use unless there is a technique for breaking out of the chroot, or the system root account's password has been left in the mysql database.

So it can now be considered reasonably secure (on the assumption that no server runs with root privileges and that no file with a suid bug exists inside the chroot directory). Confining the web in this way is also called the chroot jail technique. It is not perfect, but if it is managed well I am confident it can fully protect you from the pranks of most foolish and ill-prepared hackers.

The core of this document lies in this: "protecting system information".
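The assumptions stated above (no server running as root, no suid file inside the chroot) can be checked mechanically; the audit below is an added example, not part of the original article. `audit_jail` and its finding labels are names made up for this example, and it also reports the `user=root` setting in the `[mysqld]` section of the my.cnf shown in section 3.

```shell
#!/bin/sh
# Added example: audit a chroot tree against the assumptions in section 6.
# audit_jail and its finding labels are hypothetical names for this example.
#
# Prints one finding per line; returns 1 if anything was found, 0 if clean.
audit_jail() {
    jail=$1
    report=$(
        # 1. setuid/setgid files: each one is a possible route back to root
        find "$jail" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
            sed 's/^/SUID-SGID /'

        # 2. the jail's shadow copy: no usable hash, readable by owner only
        s=$jail/etc/shadow
        if [ -f "$s" ]; then
            # field 2 empty or starting with ! or * means "no login hash"
            awk -F: '$2 != "" && $2 !~ /^[!*]/ { print "SHADOW-HASH " $1 }' "$s"
            # characters 5-10 of the mode string are the group/other bits
            case $(ls -ld "$s" | cut -c5-10) in
                (------) ;;
                (*) echo "SHADOW-MODE $s" ;;
            esac
        fi

        # 3. mysqld set to run as root: chroot does not contain a root process
        c=$jail/etc/my.cnf
        if [ -f "$c" ]; then
            awk '/^[ \t]*\[/ { sec = $1 }
                 sec == "[mysqld]" && /^[ \t]*user[ \t]*=[ \t]*root[ \t]*$/ {
                     print "MYSQLD-AS-ROOT " FILENAME }' "$c"
        fi
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Usage: sh audit_jail.sh /chroot
if [ $# -gt 0 ]; then audit_jail "$1"; fi
```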

Chroot ·Î ¾ÈÀüÇÑ WebServer/MySQL ±¸ÃàÇϱâ

Chroot ·Î ¾ÈÀüÇÑ WebServer/MySQL ±¸ÃàÇϱâ

Á¤°æÁÖ

                    
                

1 November 2003, DocBook Edit by pibonazi (at) hotmail.com : 3 November 2003


º» ¹®¼­¿¡ ´ëÇÑ ÀúÀÛ±ÇÀº ¸í½ÃµÈ ÀÛ¼ºÀÚ¿¡°Ô ÀÖ½À´Ï´Ù. ¹®¼­¿¡ ´ëÇÑ ¹èÆ÷´Â ¸ðµÎ Çã¿ëÇϸç, ³»¿ëÀÇ Á¤Á¤ÀÌ ÇÊ¿äÇÒ¶§´Â Çã¶ôÀ» ¸ÃÀ¸¼Å¾ß ÇÕ´Ï´Ù. ÀÓÀÇ·Î ¼öÁ¤ÇÏ¿© ¹®¼­¸¦ ¹èÆ÷½Ã¿¡´Â ÀúÀ۱ǹý¿¡ µû¶ó ó¹ú ¹Þ½À´Ï´Ù. ¿ÀŸ³ª À߸øµÈ ºÎºÐÀº ¼öÁ¤À» ÇÏÁö ¾ÊÀ»°ÍÀ̸ç, Plat ¹®¼­·Î ³²±â°í ½Í½À´Ï´Ù. Àß º¸½Ã°í, chroot ·Î ¾ÈÀüÇÑ ¼­¹ö¸¦ ±¸ÃàÇϼ¼¿ä È­ÀÌÆÃ~ :=).


1. Chroot ÀÇ ÀÌÇØ

Chroot ¶ó´Â°ÍÀº ¸»ÀÌ ÇÊ¿ä¾ø½À´Ï´Ù. Àú´Â °³ÀÎÀûÀ¸·Î Change Root ¶ó°í ºÎ¸¨´Ï´Ù. ÃÖ»óÀ§µð·ºÅ丮¸¦ Àӽà ±³Ã¼Çϴ°ÍÀÔ´Ï´Ù. Áï.. ¸ÇÆäÀÌÁö¿¡´Â¾Æ·¡Ã³·³ ³ª¿Í ÀÖ½À´Ï´Ù.

NAME
	chroot  -  run  command  or interactive shell with special root directory
	

Áï, ¸®´ª½º ½Ã½ºÅÛÀÇ ÃÖ»óÀ§µð·ºÅ丮´Â / ÀÔ´Ï´Ù. ±×·¯³ª /chroot¶ó´Â µð·ºÅ丮¸¦ Çϳª »ý¼ºÇÑµÚ ±× µð·ºÅ丮¸¦ ÃÖ»óÀ§ µð·ºÅ丮·Î ÀüȯÇÒ¼ö°¡ ÀÖ½À´Ï´Ù. ±×°ÍÀÌ Chroot À̸ç, glibc ¶óÀ̺귯¸®·Î chroot ¶ó´Â C¾ð¾î ÇÔ¼ö¸¦ Á¦°øÇÕ´Ï´Ù. ÀÌ ÇÔ¼ö¸¦ ÀÌ¿ëÇؼ­ ¸¸µé¾îÁø°ÍÀÌ chroot ¹ÙÀ̳ʸ® ÀÔ´Ï´Ù.

---------------------------------------------------------------------------
[root@localhost root]# ls -al /usr/sbin/chroot
-rwxr-xr-x    1 root     root        11232  2¿ù 19  2003 /usr/sbin/chroot
[root@localhost root]#
---------------------------------------------------------------------------
	

±×·¯³ª, ¾Æ¹«µð·ºÅ丮³ª ÁöÁ¤ÇÏ°í ±³Ã¼ÇÏ·Á°í ÇÑ´Ù¸é ºÐ¸í ½ÇÆÐÇÒ°ÍÀÔ´Ï´Ù. ±× µð·ºÅ丮¾È¿¡´Â ÇÊ¿äÇÑ°ÍÀÌ Àִµ¥, ±âº»ÀûÀ¸·Î ½©ÆÄÀÏ°ú ½©ÀÌ ±¸µ¿Çϱ⿡ ÇÊ¿äÇÑ ¶óÀ̺귯¸®°¡ ¸ðµÎ ÀÖ¾î¾ßÇÕ´Ï´Ù. ±×¸®°í ÇÊ¿äÇÑ ¼³Á¤ÆÄÀϵ鵵 ³Ö¾îÁÖ¸é ÁÁ½À´Ï´Ù. Áï..

/chroot/bin
/chroot/etc
/chroot/lib
/chroot/usr
/chroot/tmp
/chroot/var
/chroot/dev
	

ÀÌ·± ½ÄÀ¸·Î µð·ºÅ丮¿Í ÇÊ¿äÇÑ ÆÄÀϵéÀ» À籸¼ºÇϴ°ÍÀÔ´Ï´Ù. ½ÇÁ¦ ¸®´ª½º »óÀ§µð·ºÅ丮ó·³ ¸»ÀÌÁÒ. ÀÌÇØÇϼ̽À´Ï±î?

bin ¾È¿¡´Â ¿ì¸®°¡ »ç¿ëÇÒ ¹Ù¿î½º½©(bash) µµ ÇÊ¿äÇÏ°í, chroot ¾È¿¡¼­ »ç¿ëÇÒ ¹ÙÀ̳ʸ® ÆÄÀϵ鵵 ÇÊ¿äÇÏ°ÚÁÒ? À̸¦Å׸é ls , cp , mv , rm ,mkdir ....

etc ¾È¿¡´Â ¹¹.. chroot ¾È¿¡¼­¸¸ »ç¿ëÇÒ º¹Á¦ÆÇ passwd , shadow , group hosts .... ¸î¸î°³¸¸ ÀÖÀ¸¸é µÇ°ÙÁÒ?

lib ¾È¿¡¾ß ¸»ÇҰ͵µ ¾ø½À´Ï´Ù. chroot ·Î ÁøÀÔÇѵڿ¡ ÀÛµ¿ÇÒ ¹ÙÀ̳ʸ® ÆÄÀϵéÀÌ ÇÊ¿ä·ÎÇÏ´Â ¶óÀ̺귯¸®ÆÄÀÏÀº ¸ðµÎ ¿©±â¿¡ º¹»çÇØÁÖ¸é µË´Ï´Ù.

usr ¾È¿¡´Â /usr/local/apache ³ª /usr/local/mysql ¸¦ ¿ø·¡ÀÇ ½Ã½ºÅÛ¿¡ ¼³Ä¡µÈ °æ·Î·Î ÇÒ°ÍÀ̱⠶§¹®¿¡ ³­Áß¿¡ ¾ÆÆÄÄ¡³ª µ¥ÀÌŸº£À̽º¼­¹ö ±¸µ¿¿¡ ÇÊ¿äÇÑ ÆÄÀÏÀ» ±×´ë·Î ¿È°ÜÁÖ¸é µÇ°ÚÁÒ? µð·ºÅ丮 ÀÚü..;;

tmp ¿¡´Â ÇÊ¿ä¾÷ÁÒ ¹¹..

var µµ º°°Ç ¾ø°í run µð·ºÅ丮³ª logs µð·ºÅ丮¸¦ ¸¸µé¾îÁÖ¸é µË´Ï´Ù.

¸¶Áö¸·À¸·Î dev °°Àº°æ¿ì´Â ÁÖ·Î ¾²ÀÌ´Â /dev/null(°ø¹éÀåÄ¡)¸¸ mknod ·Î ¸¸µé¾î ÁÖ¸é µÇ°Ú½À´Ï´Ù.

±×·¯¸é ÀÌ°ÍÀ¸·Î chroot¿¡ ´ëÇÑ ÀÌÇظ¦ ¸¶ÃƽÀ´Ï´Ù. ¸¶Áö¸·À¸·Î À§¿¡¼­ ¼Ò°³ÇÑ chroot ¶ó´Â ¾¾¾ð¾î ÇÔ¼ö¿¡ ´ëÇÑ ¸ÇÆäÀÌÁöÀÇ ¸Þ´º¾óÀ» ¾à°£¸¸ º¼±î¿ä?

# man 2 chroot
---------------------------------------------------------------------------
          CHROOT(2)            ¸®´ª½º ÇÁ·Î±×·¡¸Ó ¸Þ´º¾ó           CHROOT(2)

          À̸§
                 chroot - ·çÆ® µð·ºÅ丮¸¦ ¹Ù²Û´Ù.

          »ç¿ë¹ý
                 #include < unistd.h >

                 int chroot(const char *path);

---------------------------------------------------------------------------
#include< unistd.h >

main(){
int ret;

ret = chroot("/chroot"); 

if(ret==0) printf("chroot ÀÛµ¿ ¼º°ø\n");
else printf("chroot ÀÛµ¿ ½ÇÆÐ\n");
}
	

°£´ÜÈ÷ ÀÌ·± ¼Ò½º·Î °¡´ÉÇÏ°ÚÁÒ? ¹¹ ¼º°øÇÏ¸é ¸®ÅÏ°ªÀÌ 0 ÀÌ°í, ¾Æ´Ï¸é -1 À» ¸®ÅÏÇÑ´Ù°í Çϳ׿ä.. ¾¾¾ð¾î¸¦ ¾Æ½Ã´Â ºÐÀÌ¸é ´Ù ¾Æ½ÇÅ×ÁÒ.. ´ÙÀ½À¸·Î ³Ñ¾î°¡µµ·Ï ÇÏ°Ú½À´Ï´Ù.


2. Normal APM installation

APM is shorthand for Apache, PHP and MySQL.

	A = the freely available Apache web server ( uses port 80 )
	P = the freely available PHP web programming language ( composed of   )
	M = the freely available MySQL database server ( uses port 3306 )

PHP runs on top of the Apache web server: the PHP module is loaded into Apache. The MySQL directory is given when PHP is configured, and the PHP module sends queries to the MySQL server, passing database information back and forth and presenting it, suitably prepared, to the visitor connected to the web server.

A site built this way appears on the web as http://domain/file.php, or php3 and so on. In some cases even htm and html files carry PHP script, embedded in the file in the form  , and run it.

If you are not sure where this is used, here are some examples: web bulletin boards, membership services, file archives, shopping malls, mailing lists, guest books and other such web applications. Any internet user comes across them often.

I trust you now understand APM. There are countless manuals on installation, but to stay focused on its topic this document does not cover the server installation process. For installation, read and follow a relevant book or the following link.

http://linux.co.kr/theme/pageview.html?ca=200101=28=apm=나만의%20웹서버%20꾸미기

From here on, the document assumes that the Apache web server is installed in /usr/local/apache and the MySQL database in /usr/local/mysql.


3. Cloned filesystem "BreakBreak"

I chose this title because it reminded me of 'Dolly the cloned sheep', which demonstrated our gene-cloning technology. Is it all right? BreakBreak (a very abstruse word: alien language. DocBook editor's note: the alien-language text cannot be entered in the wiki. -_-;) ..;;

You may wonder what this chapter is trying to cover with such lame humour. It is simple. As explained earlier about chroot, it is about rebuilding the directories and the necessary files. This chapter covers exactly which things have to be rebuilt.

I am writing this in the small hours, and doing everything over again would make the writing take far too long, so I will connect to a server I set up beforehand, capture the output, and explain it part by part.

Please bear with me ..

---------------------------------------------------------------------------
[root@koreasecurity /]# ls -al / | grep chroot
drwxr-xr-x   13 root     root         4096 10월 28 19:32 chroot
[root@koreasecurity /]#
---------------------------------------------------------------------------
	

It has the default 755 permissions, owned by root.

It was created with mkdir /chroot. This is the directory that chroot will turn into the top-level directory.

Now let's go into the /chroot directory and go through it one by one.

---------------------------------------------------------------------------
[root@koreasecurity /]# cd /chroot
[root@koreasecurity chroot]# ls
bin  dev  etc  home  lib  lost+found  root  sbin  tmp  usr  var
[root@koreasecurity chroot]# pwd
/chroot
[root@koreasecurity chroot]#
---------------------------------------------------------------------------
	

It is laid out just like the top-level directory.

Let's start with bin.

---------------------------------------------------------------------------
[root@koreasecurity chroot]# cd bin
[root@koreasecurity bin]# ls
arch        cut            gawk      ls             rm         touch
ash         date           gettext   mkdir          rmdir      true
ash.static  dd             grep      mknod          rpm        umount
awk         df             gtar      mktemp         rvi        uname
basename    dnsdomainname  gunzip    more           rview      unicode_start
bash        doexec         gzip      mount          sed        unicode_stop
bash2       domainname     hostname  mt             setfont    unlink
bsh         dumpkeys       igawk     mv             setserial  usleep
cat         echo           ipcalc    netstat        sh         vi
chgrp       ed             kbd_mode  nice           sleep      view
chmod       egrep          kill      nisdomainname  sort       ypdomainname
chown       env            link      pgawk          stty       zcat
cp          ex             ln        ps             sync
cpio        false          loadkeys  pwd            tar
csh         fgrep          login     red            tcsh
[root@koreasecurity bin]# pwd
/chroot/bin
[root@koreasecurity bin]#
---------------------------------------------------------------------------
	

As you can see, this is a copy of /bin. Visitors coming in over the web have little use for these commands, so you may delete all but a few of them, but I left them in place for general usability. The binaries here are the command files that will be used once chroot has turned /chroot into /.

Next, etc.

---------------------------------------------------------------------------
[root@koreasecurity bin]# cd ..
[root@koreasecurity chroot]# cd etc
[root@koreasecurity etc]# pwd
/chroot/etc
[root@koreasecurity etc]# ls
group  hosts  localtime  my.cnf  nsswitch.conf  passwd  resolv.conf  shadow
[root@koreasecurity etc]#
---------------------------------------------------------------------------
	

The files here are a few of the files in /etc, copied with the cp command. Here is what each one does.

	group : file listing the groups into which the Linux system's users are collected
	hosts : list of the IP addresses/domains/host names of the hosts known to the system
	localtime : apparently the file that holds the local time. (Not sure, blabla)
	my.cnf : the MySQL configuration file (this one was not in /etc; it was created)
	nsswitch.conf : a configuration file related to the name server switch. (Probably not needed)
	passwd : list of the Linux account information
	resolv.conf : file listing the name servers the Linux box will use
	shadow : list of the encrypted password hashes of the accounts listed in passwd

That is roughly it. Of these files, give only shadow permission 700 and leave read permission open on all the others, as below.

---------------------------------------------------------------------------
[root@koreasecurity etc]# ls -al *
-rw-r--r--    1 root     root           53 10월 28 20:20 group
-rw-r--r--    1 root     root          147 10월 28 16:46 hosts
-rw-r--r--    1 root     root          152 10월 28 16:46 localtime
-rw-r--r--    1 root     root          218 10월 29 00:13 my.cnf
-rw-r--r--    1 root     root         1750 10월 28 16:46 nsswitch.conf
-rw-r--r--    1 root     root          130 10월 28 20:19 passwd
-rw-r--r--    1 root     root           88 10월 28 16:46 resolv.conf
-rw-------    1 root     root           47 10월 28 20:59 shadow
[root@koreasecurity etc]#
---------------------------------------------------------------------------
	

Before copying these files over, there are a few things to do first.

Create the www (web service) account: the command that creates the account is as follows.

useradd -c "Apache Server" -u 80 -s /bin/bash -d /chroot/usr/local/apache/htdocs www

This creates an account with uid 80 and the shell /bin/bash (what will actually be used is /chroot/bin/bash). The real authentication system does not consult the account information inside the chroot, but the account is created because it needs to be copied in like this.

Then, after copying the files into /chroot/etc, delete every entry from the passwd, shadow and group files except the accounts that are needed (root, www, mysql). To delete, open the file in the vi editor; typing dd removes one line at a time.

Let's check the result.

---------------------------------------------------------------------------
[root@koreasecurity etc]# ls
group  hosts  localtime  my.cnf  nsswitch.conf  passwd  resolv.conf  shadow
[root@koreasecurity etc]# cat passwd
root:x:0:0:root:/root:/bin/bash
www:x:80:80:Apache Server:/usr/local/apache:/bin/bash
mysql:x:500:500::/usr/local/mysql:/bin/bash
[root@koreasecurity etc]# cat shadow
www:!!:12353::::::
mysql:!!:12353:0:99999:7:::
[root@koreasecurity etc]# cat group
root:x:0:root
wheel:x:10:root
www:x:80:
mysql:x:500:
[root@koreasecurity etc]# cat my.cnf
[mysqld]
user=root
datadir=/usr/local/mysql/data
socket=/tmp/mysql.sock
skip-innodb

[client]
user=root
socket=/tmp/mysql.sock

[safe_mysqld]
err-log=/var/log/mysqld.log
pid-file=/usr/local/mysql/data/mysqld.pid

[root@koreasecurity etc]#
---------------------------------------------------------------------------
	

How is that? The root entry was removed from the shadow file because it would expose root's encrypted password. In any case this is not the real /etc/shadow, so there is nothing to worry about. That completes the editing.

If you want security, lock the files with the chattr command once all the file work is finished, to prevent them from being tampered with. After that, as shown below, they cannot be deleted even by the root account unless they are unlocked with chattr -i. Only the root account can use chattr, but that file will not be copied into the chroot, so an attacker who gets in through the web will not be able to delete them.

---------------------------------------------------------------------------
[root@koreasecurity etc]# ls
group  hosts  localtime  my.cnf  nsswitch.conf  passwd  resolv.conf  shadow
[root@koreasecurity etc]# chattr +i *
[root@koreasecurity etc]# rm -rf *
rm: cannot chdir from `.' to `group': 디렉토리가 아닙니다
rm: cannot chdir from `.' to `hosts': 디렉토리가 아닙니다
rm: cannot chdir from `.' to `localtime': 디렉토리가 아닙니다
rm: cannot chdir from `.' to `my.cnf': 디렉토리가 아닙니다
rm: cannot chdir from `.' to `nsswitch.conf': 디렉토리가 아닙니다
rm: cannot chdir from `.' to `passwd': 디렉토리가 아닙니다
rm: cannot chdir from `.' to `resolv.conf': 디렉토리가 아닙니다
rm: cannot chdir from `.' to `shadow': 디렉토리가 아닙니다
[root@koreasecurity etc]# ls
group  hosts  localtime  my.cnf  nsswitch.conf  passwd  resolv.conf  shadow
[root@koreasecurity etc]#
---------------------------------------------------------------------------
	

See? Not one of them was deleted.

That finishes etc; on to the next one.
---------------------------------------------------------------------------
[root@koreasecurity etc]# cd ..
[root@koreasecurity chroot]# cd dev
[root@koreasecurity dev]# ls -al
합계 12
drwxr-xr-x    2 root     root         4096 10월 28 21:45 .
drwxr-xr-x   13 root     root         4096 10월 28 19:32 ..
crw-rw-rw-    1 root     root       1,   3 10월 28 16:45 null
-rw-r--r--    1 root     root           16 10월 30 05:10 tty
[root@koreasecurity dev]# pwd
/chroot/dev
[root@koreasecurity dev]#
---------------------------------------------------------------------------
	

This is dev, where devices go. Basically only one device needs to be created: the null device. It lives at /dev/null, and because it is a device it is not simply copied but has to be created with mknod.

Usage is simple.

---------------------------------------------------------------------------
[root@koreasecurity dev]# ls -al /dev/null
crw-rw-rw-    1 root     root       1,   3  8월 31  2002 /dev/null
[root@koreasecurity dev]#
---------------------------------------------------------------------------
	

As you can see, the middle of the line reads (1, 3).

Look at those numbers and use them as they are. (blabla)

---------------------------------------------------------------------------
[root@koreasecurity dev]# rm -rf null
[root@koreasecurity dev]# ls
tty
[root@koreasecurity dev]# mknod null 1 3
mknod: 인수의 개수가 잘못되었습니다
더 많은 정보를 얻으러면 `mknod --help'명령을 하십시오.
[root@koreasecurity dev]# mknod null c 1 3
[root@koreasecurity dev]# ls
null  tty
[root@koreasecurity dev]# ls -al
합계 12
drwxr-xr-x    2 root     root         4096 11월  1 02:37 .
drwxr-xr-x   13 root     root         4096 10월 28 19:32 ..
crw-r--r--    1 root     root       1,   3 11월  1 02:37 null
-rw-r--r--    1 root     root           16 10월 30 05:10 tty
[root@koreasecurity dev]#
---------------------------------------------------------------------------
	

Àμö°¡ 3°³À̱º¿ä. ¾Õ¿¡ c ºñÆ®°¡ ºÙ¾î ÀÖÁÒ? ±×°Íµµ º¸°í Àû¾îÁØ°ÅÁÒ

mknod null c 1 3
	

That creates the null device. The tty device does not have to be created deliberately; it is created when you log in through chroot.

Next..

	
---------------------------------------------------------------------------
[root@koreasecurity dev]# cd ..
[root@koreasecurity chroot]# cd home
[root@koreasecurity home]# ls
[root@koreasecurity home]# ls -al
합계 8
drwxr-xr-x    2 root     root         4096 10월 28 16:35 .
drwxr-xr-x   13 root     root         4096 10월 28 19:32 ..
[root@koreasecurity home]#
---------------------------------------------------------------------------
	

Ȩµð·ºÅ丮´Â ½ÇÁ¦ °èÁ¤¼­ºñ½º¸¦ ÀÌ chroot ¾È¿¡¼­ ÇÏÁö ¾ÊÀ»°ÍÀ̱⠶§¹®¿¡ ±¸Áö ÇÊ¿ä°¡ ¾ø°Ú³×¿ä(ÀÌ µð·ºÅ丮´Â Áö¿ì¼Åµµ ¹«°ü..)

´ÙÀ½Àº ¸¹Àº ¶óÀ̺귯¸® ÆÄÀϵéÀÌ ¸ðÀÎ µð·ºÅ丮±º¿ä..

---------------------------------------------------------------------------
[root@koreasecurity home]# cd ..
[root@koreasecurity chroot]# rmdir home
[root@koreasecurity chroot]# cd lib
[root@koreasecurity lib]# ls
ld-linux.so.2             libnss1_files-2.2.93.so  libnss_ldap.so.2
libacl.so.1               libnss1_files.so.1       libnss_nis-2.2.93.so
libattr.so.1              libnss1_nis-2.2.93.so    libnss_nis.so.1
libc.so.6                 libnss1_nis.so.1         libnss_nis.so.2
libcrypt.so.1             libnss_compat-2.2.93.so  libnss_nisplus-2.2.93.so
libdl.so.2                libnss_compat.so.1       libnss_nisplus.so.2
libexpat.so.0             libnss_compat.so.2       libpam.so.0
libexpat.so.0.3.0         libnss_dns-2.2.93.so     libpam_misc.so.0
libgcc_s.so.1             libnss_dns.so.1          libproc.so.2.0.7
libm.so.6                 libnss_dns.so.2          libpthread.so.0
libncurses.so.5           libnss_files-2.2.93.so   libresolv.so.2
libnsl.so.1               libnss_files.so.1        librt.so.1
libnss1_compat-2.2.93.so  libnss_files.so.2        libstdc++.so.5
libnss1_compat.so.1       libnss_hesiod-2.2.93.so  libtermcap.so.2
libnss1_dns-2.2.93.so     libnss_hesiod.so.2       libz.so.1
libnss1_dns.so.1          libnss_ldap-2.2.90.so
[root@koreasecurity lib]#
---------------------------------------------------------------------------
	

The lib (library) directory holds copies of the libraries that all the binaries running inside the chroot depend on. How to find out which library files are needed is covered in a later chapter (in 'The runaway libraries', hehe).

The lost+found directory is not actually needed, but it was created anyway. (blabla)

The root directory imitates /root. It is not required, but it is there so that an attacker does not easily realise this is a chroot. Create it if you need it.

As with /bin, the necessary tools were copied into the sbin directory. If that is too much trouble, run cp -R /sbin /chroot to copy the whole thing.

Next, tmp is the directory for working with temporary files; simply create it.

---------------------------------------------------------------------------
[root@koreasecurity chroot]# ls -al | grep tmp
drwxrwxrwt    2 root     root         4096 11월  1 01:47 tmp
[root@koreasecurity chroot]# cd tmp
[root@koreasecurity tmp]# ls
mysql.sock
[root@koreasecurity tmp]#
---------------------------------------------------------------------------
	

Create the directory with mkdir tmp and then set its permissions with chmod 1777 tmp. The 1 here is the t (temp) bit shown at the end, and 777 is rwxrwxrwx. If the permissions are not rwxrwxrwx, MySQL's temporary socket file mysql.sock is not created properly and an error occurs when the web server is started, so set the permissions correctly.

So many directories. (Explaining them is hard work..~_~)

The usr directory is where apache, mysql and so on go, under usr/local, together with the libraries and include (header) files they need and the usr/bin files.

Let's look. Pay attention ..

---------------------------------------------------------------------------
[root@koreasecurity tmp]# cd ..
[root@koreasecurity chroot]# cd usr
[root@koreasecurity usr]# ls
bin  include  lib  local  sbin  share
[root@koreasecurity usr]#
---------------------------------------------------------------------------
	

bin : a straight copy of usr/bin.

include : 
---------------------------------------------------------------------------
[root@koreasecurity usr]# pwd
/chroot/usr
[root@koreasecurity usr]# cd include
[root@koreasecurity include]# ls
mysql
[root@koreasecurity include]# cd mysql
[root@koreasecurity mysql]# ls
chardefs.h  m_ctype.h    my_net.h         mysql_com.h      sslopt-case.h
dbug.h      m_string.h   my_no_pthread.h  mysql_version.h  sslopt-longopts.h
errmsg.h    my_config.h  my_pthread.h     mysqld_error.h   sslopt-usage.h
history.h   my_global.h  my_sys.h         raid.h           sslopt-vars.h
keymaps.h   my_list.h    mysql.h          readline.h       tilde.h
[root@koreasecurity mysql]#
---------------------------------------------------------------------------
	

include/mysql holds the header files created when mysql was installed; the originals are in /usr/include/mysql. Copy them over as they are. They will be used later when writing C source that works with mysql.

lib :
---------------------------------------------------------------------------
[root@koreasecurity usr]# cd lib
[root@koreasecurity lib]# ls
mysql
[root@koreasecurity lib]# cd mysql
[root@koreasecurity mysql]# ls
libdbug.a    libmyisammrg.a     libmysqlclient.so.10      libnisam.a
libheap.a    libmysqlclient.a   libmysqlclient.so.10.0.0
libmerge.a   libmysqlclient.la  libmystrings.a
libmyisam.a  libmysqlclient.so  libmysys.a
[root@koreasecurity mysql]#
---------------------------------------------------------------------------
	

These are files included in the mysql installation, the library files mysql needs in order to run. They were installed in /usr/lib/mysql; copy them over as they are.

sbin : likewise, copy /usr/sbin over as it is.

Finally, let's look at share.

---------------------------------------------------------------------------
[root@koreasecurity mysql]# cd ..
[root@koreasecurity include]# cd ..
[root@koreasecurity usr]# cd share
[root@koreasecurity share]# ls
man  man1  man2  man3  man4  man5  man6  man7  man8  man9  mann  mysql  pt_BR
[root@koreasecurity share]# cd mysql
[root@koreasecurity mysql]# ls
binary-configure  greek                     my-large.cnf        portuguese
charsets          hungarian                 my-medium.cnf       romanian
czech             italian                   my-small.cnf        russian
danish            japanese                  mysql-3.23.58.spec  slovak
dutch             korean                    mysql-log-rotate    spanish
english           make_binary_distribution  mysql.server        swedish
estonian          mi_test_all               norwegian           ukrainian
french            mi_test_all.res           norwegian-ny
german            my-huge.cnf               polish
[root@koreasecurity mysql]#
---------------------------------------------------------------------------
	

Again this is a copy of /usr/share, the directory that holds shared files. It also contains the shared files for mysql. Copy them over.

---------------------------------------------------------------------------
[root@koreasecurity mysql]# cd ..
[root@koreasecurity share]# cd ..
[root@koreasecurity usr]# cd local
[root@koreasecurity local]# ls
apache  bin  etc  include  k_sec  lib  mysql  share
[root@koreasecurity local]# pwd
/chroot/usr/local
[root@koreasecurity local]#
---------------------------------------------------------------------------
	

As mentioned, the default-installed /usr/local/apache directory and the mysql directory themselves were copied into usr/local, and so was bin. The rest was copied as well; the directories look like this.

---------------------------------------------------------------------------
[root@koreasecurity local]# cd etc
[root@koreasecurity etc]# ls
pear.conf
[root@koreasecurity etc]#
[root@koreasecurity etc]# cd ..
[root@koreasecurity local]# cd include
[root@koreasecurity include]# ls
php
[root@koreasecurity include]# cd php
[root@koreasecurity php]# ls
TSRM  Zend  acconfig.h  ext  main  regex
[root@koreasecurity php]#
[root@koreasecurity php]# cd ..
[root@koreasecurity include]# cd ..
[root@koreasecurity local]# cd lib
[root@koreasecurity lib]# ls
php
[root@koreasecurity lib]# cd php
[root@koreasecurity php]# ls
Archive  DB.php    Mail.php  PEAR        XML    doc          test
Console  HTTP.php  Net       PEAR.php    build  extensions
DB       Mail      OS        System.php  data   pearcmd.php
[root@koreasecurity php]# cd ..
[root@koreasecurity lib]# cd ..
[root@koreasecurity local]# pwd
/chroot/usr/local
[root@koreasecurity local]# cd share
[root@koreasecurity share]# pwd
/chroot/usr/local/share
[root@koreasecurity share]# ls
info  man
[root@koreasecurity share]# cd ..
[root@koreasecurity local]# cd ..
[root@koreasecurity usr]#
---------------------------------------------------------------------------
	

These too were copied over. They are all files needed to run APM, so they were moved to match the paths where they were installed, treating /chroot as /.

Heh, getting through one chapter is hard work. On to the next chapter ..


4. The runaway libraries

After entering with chroot (/chroot -> /), do the executables fail when you try to run them? You get an error in English saying something like a library is missing. When that happens, consider that the library files have run away from home.

Ex) It is like a family that cannot sit around the table and enjoy a good dinner because they are worried about a runaway child. (family = executable, child = library file)

So how do you identify the library files, the children, and bring them back to the home ground (the house)? That is, which files in /lib or /usr/lib really have to be moved into /chroot/lib? That is the question, and the answer is simple.

There is a tool called ldd.

ldd filename

Used like this, it shows the paths of all the library files that the file uses. So copy them over as needed (it is a bit tedious).

---------------------------------------------------------------------------
[root@koreasecurity /]# ldd /bin/bash
        libtermcap.so.2 => /lib/libtermcap.so.2 (0x0012a000)
        libdl.so.2 => /lib/libdl.so.2 (0x0012f000)
        libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x00110000)
[root@koreasecurity /]# ldd /bin/ls
        libtermcap.so.2 => /lib/libtermcap.so.2 (0x0012a000)
        libacl.so.1 => /lib/libacl.so.1 (0x0012f000)
        libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
        libattr.so.1 => /lib/libattr.so.1 (0x00135000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x00110000)
[root@koreasecurity /]# ldd /bin/cp
        libacl.so.1 => /lib/libacl.so.1 (0x0012a000)
        libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
        libattr.so.1 => /lib/libattr.so.1 (0x00131000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x00110000)
[root@koreasecurity /]# ldd /bin/rm
        libacl.so.1 => /lib/libacl.so.1 (0x0012a000)
        libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
        libattr.so.1 => /lib/libattr.so.1 (0x00131000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x00110000)
[root@koreasecurity /]# ldd /bin/uname
        libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x00110000)
[root@koreasecurity /]#
---------------------------------------------------------------------------
	

Understand?

        libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
	

This line says that the library file at the path /lib/i686/libc.so.6 is needed. So run cp /lib/i686/libc.so.6 /chroot/lib and it is game over. Bringing the runaway libraries (children) home one at a time is the heart of this tutorial.

Now everything is done.
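
The copy-the-libraries step described above, automated as an added example (not part of the original document). It parses ldd output, including line shapes that newer systems print, and stages each library under the jail at its original path rather than flattening everything into /chroot/lib as the text does; the function names and the sample ldd text are constructed for illustration.

```shell
#!/bin/sh
# Added example: resolve shared-library dependencies from ldd output and
# stage them in a chroot tree. All function names are hypothetical.

# Constructed sample: ldd lines in the old glibc format shown in this
# document, plus the vdso, bare-loader and "not found" shapes.
SAMPLE_LDD='        libtermcap.so.2 => /lib/libtermcap.so.2 (0x0012a000)
        libacl.so.1 => /lib/libacl.so.1 (0x0012f000)
        libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x00110000)
        linux-vdso.so.1 (0x00007ffc0b1f2000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f1c2a400000)
        libmissing.so.1 => not found'

# Read ldd output on stdin; print each library file path once, sorted.
ldd_paths() {
    awk '
        /=> not found/           { next }              # handled by ldd_missing
        $2 == "=>" && $3 ~ /^\// { print $3; next }    # name => /path (addr)
        $1 ~ /^\//               { print $1 }          # bare loader path
        # other lines (vdso, "statically linked") have no file to copy
    ' | LC_ALL=C sort -u
}

# Read ldd output on stdin; print the names ldd could not resolve.
# A jail built while this prints anything will fail at run time.
ldd_missing() {
    awk '/=> not found/ { print $1 }'
}

# Copy each path read on stdin into jail $1, keeping its directory, so
# /lib/i686/libc.so.6 lands at $1/lib/i686/libc.so.6. Symlinks are
# dereferenced so the jail holds the real file. Optional $2 is a source
# prefix, used only so the copy can be tried without touching /lib.
stage_libs() {
    jail=$1 src_root=${2:-}
    while IFS= read -r lib; do
        [ -f "$src_root$lib" ] || { echo "skip (absent): $lib" >&2; continue; }
        mkdir -p "$jail$(dirname "$lib")"
        cp -L -p "$src_root$lib" "$jail$lib"
    done
}

# Stage a binary and everything it links against, for example:
#   populate_jail /chroot /bin/bash
populate_jail() {
    jail=$1 bin=$2
    ldd "$bin" | ldd_paths | stage_libs "$jail"
    mkdir -p "$jail$(dirname "$bin")" && cp -p "$bin" "$jail$bin"
}
```

Running ldd_missing on the same output before starting the servers shows which libraries have no file on the host at all, which is the error case chapter 4 opens with.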


5. Starting the servers

Now it is time to start the servers installed inside the chroot.

It is simple. Errors may occur during startup; in that case consult the manual for the server concerned to resolve them.

	Apache startup file : /chroot/usr/local/apache/bin/apachectl
	MySQL startup file : /chroot/usr/local/mysql/bin/safe_mysqld

Those are the paths.

But once chroot has turned /chroot into / ..

	Apache startup file : /usr/local/apache/bin/apachectl
	MySQL startup file : /usr/local/mysql/bin/safe_mysqld

the paths become these. So it is simple.

Open the /etc/rc.local file in the vi editor and add the two lines below.

chroot /chroot /usr/local/apache/bin/apachectl start
chroot /chroot /usr/local/mysql/bin/safe_mysqld &
	

Save the file and reboot the system. On reboot the command lines above are executed: the top-level directory is switched to /chroot, then the Apache web server is started, and the mysql daemon likewise. The system as a whole is not inside it; only those two started processes run under the illusion that /chroot is /. ?-.- They are fooled..(babo)

So startup is not hard either.

syslog and the like are omitted here.


6. Is it really safe?

Not sure whether it is really safe? In general, however they come in through the web, to penetrate the system they will try to execute commands in a shell as the web account (www). So suppose these intruding attackers, or PTs, give the command

cat /etc/passwd 
	

What happens? Is the real /etc/passwd shown, or is /chroot/etc/passwd shown?

The latter, of course, because the Apache web server is running in the belief that /chroot is /. So the list of important accounts is not exposed.

And even if they work hard (hacking??) and obtain the /etc/shadow file, it is of no use. Why? Because what they actually get is /chroot/etc/shadow... sob..

Likewise, since no important data will be kept in here, it will be of no use to them unless they use a technique that breaks out of the chroot or the system root account password has been left in the mysql database.

So it can now be considered reasonably safe. ( This assumes that the server does not run with root privileges and that no file with a suid bug exists inside the chroot directory. ) Confining the web in this way is also called the chroot jail technique. It is not perfect, but I am confident that, if it is managed well, it gives complete protection against the pranks of most foolish, ill-prepared attackers.

That is the heart of this document: "protecting system information"
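
An added check (not from the original document) for the assumptions stated above: it lists setuid/setgid files in the jail, a [mysqld] user=root setting such as the one in the my.cnf listing in chapter 3, live password hashes in the jail's shadow copy, and world-writable directories without the sticky bit. audit_jail and the finding labels are hypothetical names.

```shell
#!/bin/sh
# Added example: audit a chroot tree against the assumptions this chapter
# relies on. audit_jail and the finding labels are hypothetical names.

# Print one finding per line for jail directory $1; print nothing if clean.
audit_jail() {
    jail=$1

    # 1. setuid/setgid files: a flaw in any of them is a path to uid 0,
    #    and a root process is not confined by chroot.
    find "$jail" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
        sed 's/^/SUID_SGID /'

    # 2. user=root under [mysqld] in the jail's my.cnf: the daemon keeps
    #    uid 0. The same key under [client] is only a login name.
    cnf=$jail/etc/my.cnf
    if [ -f "$cnf" ]; then
        awk -F= '
            /^\[/ { sect = $0 }
            sect == "[mysqld]" && $1 ~ /^[ \t]*user[ \t]*$/ {
                gsub(/[ \t]/, "", $2)
                if ($2 == "root") print "MYSQLD_RUNS_AS_ROOT etc/my.cnf"
            }
        ' "$cnf"
    fi

    # 3. Live password hashes in the jail's shadow copy: field 2 is
    #    neither empty nor a lock marker starting with ! or *.
    shadow=$jail/etc/shadow
    if [ -f "$shadow" ]; then
        awk -F: '$2 != "" && $2 !~ /^[!*]/ { print "LIVE_HASH " $1 }' "$shadow"
    fi

    # 4. World-writable directories without the sticky bit; tmp set to
    #    1777 as in chapter 3 passes this check.
    find "$jail" -type d -perm -0002 ! -perm -1000 2>/dev/null |
        sed 's/^/NO_STICKY /'
}

# Typical use after building or changing the jail:
#   audit_jail /chroot
```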


last modified 2006-07-22 13:05:02