Setting up a basic chroot environment on Fedora Core
Setting up a basic chroot environment normally involves a lot of copying and puzzling.
However, yum has a handy --installroot option that does all of this automatically and cleanly.
All a minimal environment needs is bash and all of its dependencies. We try to install them as follows:
[root@localhost ~]# yum --installroot=/chrootedlogin install bash
removing mirrorlist with no valid mirrors: /chrootedlogin/var/cache/yum/fedora/mirrorlist.txt
Error: Cannot retrieve repository metadata (repomd.xml) for repository: fedora. Please verify its path and try again
[root@localhost ~]# cp /var/cache/yum/fedora/mirrorlist.txt /chrootedlogin/var/cache/yum/fedora/mirrorlist.txt
[root@localhost ~]# yum --installroot=/chrootedlogin install bash
fedora | 2.4 kB 00:00
primary.sqlite.bz2 | 6.1 MB 00:09
removing mirrorlist with no valid mirrors: /chrootedlogin/var/cache/yum/updates/mirrorlist.txt
Error: Cannot retrieve repository metadata (repomd.xml) for repository: updates. Please verify its path and try again
You have new mail in /var/spool/mail/root
[root@localhost ~]# cp /var/cache/yum/updates/mirrorlist.txt /chrootedlogin/var/cache/yum/updates/mirrorlist.txt
We copy the missing files over from the host system until yum works. (These are just 2 mirrorlist files.)
After this, installing bash works correctly:
[root@localhost ~]# yum --installroot=/chrootedlogin install bash
updates | 2.6 kB 00:00
primary.sqlite.bz2 | 9.1 kB 00:00
Setting up Install Process
Parsing package install arguments
Resolving Dependencies
--> Running transaction check
---> Package bash.i386 0:3.2-22.fc9 set to be updated
--> Processing Dependency: libc.so.6(GLIBC_2.2) for package: bash
--> Processing Dependency: libc.so.6(GLIBC_2.4) for package: bash
--> Processing Dependency: rtld(GNU_HASH) for package: bash
--> Processing Dependency: libc.so.6(GLIBC_2.1) for package: bash
--> Processing Dependency: libc.so.6(GLIBC_2.3.4) for package: bash
--> Processing Dependency: mktemp for package: bash
--> Processing Dependency: libtinfo.so.5 for package: bash
--> Processing Dependency: libdl.so.2(GLIBC_2.1) for package: bash
--> Processing Dependency: libc.so.6 for package: bash
--> Processing Dependency: libdl.so.2(GLIBC_2.0) for package: bash
--> Processing Dependency: ncurses for package: bash
--> Processing Dependency: libdl.so.2 for package: bash
--> Processing Dependency: libc.so.6(GLIBC_2.0) for package: bash
--> Processing Dependency: libc.so.6(GLIBC_2.3) for package: bash
--> Running transaction check
---> Package ncurses-libs.i386 0:5.6-16.20080301.fc9 set to be updated
--> Processing Dependency: ncurses-base = 5.6-16.20080301.fc9 for package: ncurses-libs
---> Package glibc.i686 0:2.8-3 set to be updated
--> Processing Dependency: basesystem for package: glibc
--> Processing Dependency: libgcc for package: glibc
--> Processing Dependency: glibc-common = 2.8-3 for package: glibc
---> Package coreutils.i386 0:6.10-18.fc9 set to be updated
--> Processing Dependency: libacl.so.1 for package: coreutils
--> Processing Dependency: libacl.so.1(ACL_1.0) for package: coreutils
--> Processing Dependency: /sbin/install-info for package: coreutils
--> Processing Dependency: libpam.so.0 for package: coreutils
--> Processing Dependency: libselinux.so.1 for package: coreutils
--> Processing Dependency: grep for package: coreutils
--> Processing Dependency: libpam.so.0(LIBPAM_1.0) for package: coreutils
--> Processing Dependency: libselinux >= 1.25.6-1 for package: coreutils
--> Processing Dependency: libpam_misc.so.0 for package: coreutils
--> Processing Dependency: pam >= 0.66-12 for package: coreutils
--> Processing Dependency: libpam_misc.so.0(LIBPAM_MISC_1.0) for package: coreutils
---> Package ncurses.i386 0:5.6-16.20080301.fc9 set to be updated
--> Running transaction check
---> Package pam.i386 0:1.0.1-2.fc9 set to be updated
--> Processing Dependency: audit-libs >= 1.0.8 for package: pam
--> Processing Dependency: cracklib-dicts >= 2.8 for package: pam
--> Processing Dependency: libaudit.so.0 for package: pam
--> Processing Dependency: cracklib for package: pam
--> Processing Dependency: libcrack.so.2 for package: pam
---> Package libselinux.i386 0:2.0.61-1.fc9 set to be updated
--> Processing Dependency: libsepol >= 2.0.18-2 for package: libselinux
---> Package libacl.i386 0:2.2.47-1.fc9 set to be updated
--> Processing Dependency: libattr.so.1(ATTR_1.0) for package: libacl
--> Processing Dependency: libattr.so.1 for package: libacl
---> Package basesystem.noarch 0:8.1-1 set to be updated
--> Processing Dependency: filesystem for package: basesystem
--> Processing Dependency: setup for package: basesystem
---> Package info.i386 0:4.11-5.fc9 set to be updated
--> Processing Dependency: libz.so.1 for package: info
---> Package glibc-common.i386 0:2.8-3 set to be updated
--> Processing Dependency: tzdata >= 2003a for package: glibc-common
---> Package libgcc.i386 0:4.3.0-8 set to be updated
---> Package ncurses-base.i386 0:5.6-16.20080301.fc9 set to be updated
---> Package grep.i386 0:2.5.1-59.fc9 set to be updated
--> Processing Dependency: libpcre.so.0 for package: grep
--> Running transaction check
---> Package libattr.i386 0:2.4.41-1.fc9 set to be updated
---> Package audit-libs.i386 0:1.7.2-6.fc9 set to be updated
---> Package setup.noarch 0:2.6.14-1.fc9 set to be updated
---> Package filesystem.i386 0:2.4.13-1.fc9 set to be updated
---> Package zlib.i386 0:1.2.3-18.fc9 set to be updated
---> Package cracklib-dicts.i386 0:2.8.12-2 set to be updated
---> Package pcre.i386 0:7.3-3.fc9 set to be updated
--> Processing Dependency: libstdc++.so.6(CXXABI_1.3) for package: pcre
--> Processing Dependency: libstdc++.so.6(GLIBCXX_3.4.9) for package: pcre
--> Processing Dependency: libstdc++.so.6(GLIBCXX_3.4) for package: pcre
--> Processing Dependency: libstdc++.so.6 for package: pcre
---> Package tzdata.noarch 0:2008b-1.fc9 set to be updated
---> Package cracklib.i386 0:2.8.12-2 set to be updated
---> Package libsepol.i386 0:2.0.26-1.fc9 set to be updated
--> Running transaction check
---> Package libstdc++.i386 0:4.3.0-8 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================
 Package          Arch     Version               Repository   Size
=============================================================================
Installing:
 bash             i386     3.2-22.fc9            fedora       1.8 M
Installing for dependencies:
 audit-libs       i386     1.7.2-6.fc9           fedora       74 k
 basesystem       noarch   8.1-1                 fedora       2.9 k
 coreutils        i386     6.10-18.fc9           fedora       4.4 M
 cracklib         i386     2.8.12-2              fedora       47 k
 cracklib-dicts   i386     2.8.12-2              fedora       3.7 M
 filesystem       i386     2.4.13-1.fc9          fedora       119 k
 glibc            i686     2.8-3                 fedora       5.5 M
 glibc-common     i386     2.8-3                 fedora       21 M
 grep             i386     2.5.1-59.fc9          fedora       182 k
 info             i386     4.11-5.fc9            fedora       167 k
 libacl           i386     2.2.47-1.fc9          fedora       22 k
 libattr          i386     2.4.41-1.fc9          fedora       13 k
 libgcc           i386     4.3.0-8               fedora       45 k
 libselinux       i386     2.0.61-1.fc9          fedora       116 k
 libsepol         i386     2.0.26-1.fc9          fedora       129 k
 libstdc++        i386     4.3.0-8               fedora       317 k
 ncurses          i386     5.6-16.20080301.fc9   fedora       169 k
 ncurses-base     i386     5.6-16.20080301.fc9   fedora       59 k
 ncurses-libs     i386     5.6-16.20080301.fc9   fedora       326 k
 pam              i386     1.0.1-2.fc9           fedora       1.1 M
 pcre             i386     7.3-3.fc9             fedora       140 k
 setup            noarch   2.6.14-1.fc9          fedora       140 k
 tzdata           noarch   2008b-1.fc9           fedora       752 k
 zlib             i386     1.2.3-18.fc9          fedora       74 k
Transaction Summary
=============================================================================
Install 25 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 41 M
Is this ok [y/N]: y
Downloading Packages:
(1/25): basesystem-8.1-1.noarch.rpm | 2.9 kB 00:00
(2/25): libattr-2.4.41-1.fc9.i386.rpm | 13 kB 00:00
(3/25): libacl-2.2.47-1.fc9.i386.rpm | 22 kB 00:00
(4/25): libgcc-4.3.0-8.i386.rpm | 45 kB 00:00
(5/25): cracklib-2.8.12-2.i386.rpm | 47 kB 00:00
(6/25): ncurses-base-5.6-16.20080301.fc9.i386.rpm | 59 kB 00:00
(7/25): audit-libs-1.7.2-6.fc9.i386.rpm | 74 kB 00:00
(8/25): zlib-1.2.3-18.fc9.i386.rpm | 74 kB 00:00
(9/25): libselinux-2.0.61-1.fc9.i386.rpm | 116 kB 00:00
(10/25): filesystem-2.4.13-1.fc9.i386.rpm | 119 kB 00:00
(11/25): libsepol-2.0.26-1.fc9.i386.rpm | 129 kB 00:00
(12/25): setup-2.6.14-1.fc9.noarch.rpm | 140 kB 00:00
(13/25): pcre-7.3-3.fc9.i386.rpm | 140 kB 00:00
(14/25): info-4.11-5.fc9.i386.rpm | 167 kB 00:00
(15/25): ncurses-5.6-16.20080301.fc9.i386.rpm | 169 kB 00:00
(16/25): grep-2.5.1-59.fc9.i386.rpm | 182 kB 00:00
(17/25): libstdc++-4.3.0-8.i386.rpm | 317 kB 00:00
(18/25): ncurses-libs-5.6-16.20080301.fc9.i386.rpm | 326 kB 00:00
(19/25): tzdata-2008b-1.fc9.noarch.rpm | 752 kB 00:01
(20/25): pam-1.0.1-2.fc9.i386.rpm | 1.1 MB 00:02
(21/25): bash-3.2-22.fc9.i386.rpm | 1.8 MB 00:02
(22/25): cracklib-dicts-2.8.12-2.i386.rpm | 3.7 MB 00:06
(23/25): coreutils-6.10-18.fc9.i386.rpm | 4.4 MB 00:08
(24/25): glibc-2.8-3.i686.rpm | 5.5 MB 00:10
(25/25): glibc-common-2.8-3.i386.rpm | 21 MB 00:38
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2
Importing GPG key 0x4F2A6FD2 "Fedora Project <fedora@redhat.com>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
Is this ok [y/N]: y
Importing GPG key 0xDB42A60E "Red Hat, Inc <security@redhat.com>" from /etc/pki/rpm-gpg/RPM-GPG-KEY
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : setup [ 1/25]
Installing : filesystem [ 2/25]
Installing : basesystem [ 3/25]
Installing : ncurses-base [ 4/25]
Installing : tzdata [ 5/25]
Installing : libgcc [ 6/25]
Installing : glibc [ 7/25]
Installing : ncurses-libs [ 8/25]
Installing : ncurses [ 9/25]
Installing : bash [10/25]
Installing : cracklib [11/25]
Installing : libsepol [12/25]
Installing : libselinux [13/25]
Installing : libattr [14/25]
Installing : libacl [15/25]
Installing : libstdc++ [16/25]
Installing : pcre [17/25]
Installing : glibc-common [18/25]
Installing : zlib [19/25]
Installing : info [20/25]
Installing : grep [21/25]
Installing : audit-libs [22/25]
Installing : cracklib-dicts [23/25]
Installing : coreutils [24/25]
Installing : pam [25/25]
Installed: bash.i386 0:3.2-22.fc9
Dependency Installed: audit-libs.i386 0:1.7.2-6.fc9 basesystem.noarch 0:8.1-1 coreutils.i386 0:6.10-18.fc9 cracklib.i386 0:2.8.12-2 cracklib-dicts.i386 0:2.8.12-2 filesystem.i386 0:2.4.13-1.fc9 glibc.i686 0:2.8-3 glibc-common.i386 0:2.8-3 grep.i386 0:2.5.1-59.fc9 info.i386 0:4.11-5.fc9 libacl.i386 0:2.2.47-1.fc9 libattr.i386 0:2.4.41-1.fc9 libgcc.i386 0:4.3.0-8 libselinux.i386 0:2.0.61-1.fc9 libsepol.i386 0:2.0.26-1.fc9 libstdc++.i386 0:4.3.0-8 ncurses.i386 0:5.6-16.20080301.fc9 ncurses-base.i386 0:5.6-16.20080301.fc9 ncurses-libs.i386 0:5.6-16.20080301.fc9 pam.i386 0:1.0.1-2.fc9 pcre.i386 0:7.3-3.fc9 setup.noarch 0:2.6.14-1.fc9 tzdata.noarch 0:2008b-1.fc9 zlib.i386 0:1.2.3-18.fc9
Complete!
Now we can test our chroot environment:
[root@localhost ~]# chroot /chrootedlogin/
bash-3.2# ls /
bin boot chrootedlogin dev etc home lib media mnt opt proc root sbin selinux srv sys tmp usr var
We now have a basic environment that can, in principle, be logged in to.
Logging in to the chroot environment
This is done by simply editing /etc/ssh/sshd_config.
In it, set ChrootDirectory to /chrootedlogin.
Everyone who now logs in via ssh ends up in this directory. That includes the root user!
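The following shell audit is an added example, not part of the original page. chroot_scopes reports whether each ChrootDirectory directive in an sshd_config is global (applies to every login, root included) or confined to a Match block, and check_chroot_path verifies sshd's requirement that the chroot directory and all of its parents are root-owned and not writable by group or others. Assumptions: GNU stat, whitespace-separated keywords, and a constructed sample config with the hypothetical group name chrootusers.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory setup. Assumes GNU stat (coreutils).

# chroot_scopes FILE: print each ChrootDirectory directive with its scope.
# "global" means it applies to every login, root included.
chroot_scopes() {
    awk '
        BEGIN { scope = "global" }
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        tolower($1) == "match" {                 # keywords are case-insensitive
            $1 = ""; sub(/^ +/, "")
            scope = (tolower($0) == "all") ? "global" : "match " $0
            next
        }
        tolower($1) == "chrootdirectory" { print scope ": " $2 }
    ' "$1"
}

# perms_ok UID MODE: owner must be root, no group/other write bit set.
perms_ok() {
    [ "$1" -eq 0 ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR: apply perms_ok to DIR and every parent up to /,
# the condition sshd enforces before it will chroot a session.
check_chroot_path() {
    p=$(cd "$1" 2>/dev/null && pwd -P) || { echo "missing: $1"; return 1; }
    rc=0
    while :; do
        set -- $(stat -c '%u %a' "$p")
        perms_ok "$1" "$2" || { echo "unsafe: $p (uid=$1 mode=$2)"; rc=1; }
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Constructed sample config; the group name chrootusers is hypothetical.
sample_config() {
    cat <<'EOF'
ChrootDirectory /chrootedlogin
Match Group chrootusers
    chrootdirectory /chrootedlogin
EOF
}

# Usage: sh chroot_audit.sh /etc/ssh/sshd_config /chrootedlogin
if [ $# -eq 2 ]; then chroot_scopes "$1"; check_chroot_path "$2"; fi
```

A "global:" line in the output means root logins are chrooted as well; placing the directive under a Match block limits it to the matched users.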