Finally, we must test the new chrooted jail configuration of our Apache Web Server. The first thing to do is to restart our syslogd daemon with the following command:
[root@deep ]/# /etc/rc.d/init.d/syslog restart
Shutting down kernel logger: [ OK ]
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
Starting kernel logger: [ OK ]
Now, start the new chrooted jail Apache with the following command:
[root@deep ]/# /etc/rc.d/init.d/httpd start
Starting httpd: [ OK ]
If you don't get any errors, do a ps ax | grep httpd and see if we're running:
[root@deep ]/# ps ax | grep httpd
14373 ? S 0:00 httpd -DSSL
14376 ? S 0:00 httpd -DSSL
14377 ? S 0:00 httpd -DSSL
14378 ? S 0:00 httpd -DSSL
14379 ? S 0:00 httpd -DSSL
14380 ? S 0:00 httpd -DSSL
14381 ? S 0:00 httpd -DSSL
14382 ? S 0:00 httpd -DSSL
14383 ? S 0:00 httpd -DSSL
14384 ? S 0:00 httpd -DSSL
14385 ? S 0:00 httpd -DSSL
14386 ? S 0:00 httpd -DSSL
14387 ? S 0:00 httpd -DSSL
14388 ? S 0:00 httpd -DSSL
14389 ? S 0:00 httpd -DSSL
14390 ? S 0:00 httpd -DSSL
14391 ? S 0:00 httpd -DSSL
14397 ? S 0:00 httpd -DSSL
14476 ? S 0:00 httpd -DSSL
14477 ? S 0:00 httpd -DSSL
14478 ? S 0:00 httpd -DSSL
If so, lets check to make sure it's chrooted by picking out one of its process numbers and doing ls -la /proc/that_process_number/root/.
[root@deep ]/# ls -la /proc/14373/root/
If you see:
dev
etc
home
lib
usr
var
congratulations!
As mentioned above, if you use Perl, you'll need to copy or hardlink any system libraries, perl libraries /usr/lib/perl5
, and binaries into the chroot area. The same applies for SSL, PHP, LDAP,
PostgreSQL and other programs.