
Author Topic: [INFO] Jailkit for Kloxo-MR  (Read 5519 times)


Online MRatWork

[INFO] Jailkit for Kloxo-MR
« on: 2014-02-03, 06:26:33 »
To make Kloxo-MR very secure, it is possible to implement Jailkit in Kloxo-MR.

Two options for Jailkit:

1. Always use Jailkit, or
2. Jailkit as an option - enable/disable in panel

The Jailkit implementation will be ready in the next release, and I will announce it in this thread when it is ready.

I hope it will be ready in 2-3 days!

Because this is very important, other options/bugfixes are temporarily pending.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline chrisf

Re: [INFO] Jailkit for Kloxo-MR
« Reply #1 on: 2014-02-03, 17:19:16 »
Great!  Will we be able to re-enable perl and cron?
Christopher

Knowledge in: PHP, Perl, MySQL, Javascript, Actionscript, FLASH, HTML, CSS
Server Administrator / Developer: https://convictionshosting.com

Online MRatWork

Re: [INFO] Jailkit for Kloxo-MR
« Reply #2 on: 2014-02-03, 17:20:35 »
Maybe not for cron. But perl will surely be enabled.

Offline chrisf

Re: [INFO] Jailkit for Kloxo-MR
« Reply #3 on: 2014-02-03, 17:24:38 »
:)

Online MRatWork

Re: [INFO] Jailkit for Kloxo-MR
« Reply #4 on: 2014-02-03, 17:42:07 »
It's because cron can possibly execute ssh and executes from /var/spool/cron. It's different with perl, where a perl file executes only from /home/<user>, and with jailkit this /home/<user> will be chrooted.

Offline insanity

Re: [INFO] Jailkit for Kloxo-MR
« Reply #5 on: 2014-02-03, 18:03:38 »
Mustafa,
Why not change cron in Kloxo so that only php or curl can be set, for example php -q /cron/path/ or curl -I /cron/path/? If you try to add a cron with ssh or another cmd, an error will be displayed?

Online MRatWork

Re: [INFO] Jailkit for Kloxo-MR
« Reply #6 on: 2014-02-03, 18:08:09 »
> Mustafa,
> Why not change cron in Kloxo so that only php or curl can be set, for example php -q /cron/path/ or curl -I /cron/path/? If you try to add a cron with ssh or another cmd, an error will be displayed?

Yes, still thinking about limiting cron tasks for users.

Offline insanity

Re: [INFO] Jailkit for Kloxo-MR
« Reply #7 on: 2014-02-03, 18:22:22 »
open: /usr/local/lxlabs/kloxo/httpdocs/driver/pserver/cronlib.php

find:
Code:
static function add($parent, $class, $param)
{
    if (!($parent->isClass('pserver') || $parent->priv->isOn('cron_minute_flag'))) {
        if (!is_numeric($param['minute'])) {
            $param['minute'] = 0;
        }
    }
    $param['username'] = $parent->username;
    /*
    if ($parent->is__table('pserver')) {
        $param['syncserver'] = $parent->nname;
    } else {
        $param['syncserver'] = $parent->syncserver;
    }
    */

change it to:

Code:
static function add($parent, $class, $param)
{
    if (!($parent->isClass('pserver') || $parent->priv->isOn('cron_minute_flag'))) {
        if (!is_numeric($param['minute'])) {
            $param['minute'] = 0;
        }
    }
    // Reject any cron command whose text contains the substring "ssh"
    if (strpos($param['command'], 'ssh') !== false) {
        throw new lxexception("ssh_is_not_allowed_cmd_for_cron", '', '');
    }
    $param['username'] = $parent->username;
    /*
    if ($parent->is__table('pserver')) {
        $param['syncserver'] = $parent->nname;
    } else {
        $param['syncserver'] = $parent->syncserver;
    }
    */

and voilà, the ssh cmd is disabled.

If you want to disable more cmds, it must be:

Code:
// strpos() accepts only one needle; a regex alternation matches any of several
if (preg_match('/cmd1|cmd2|cmd3/', $param['command'])) {
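
An added example (not part of the original post and not Kloxo-MR code) comparing the substring denylist from the reply above with the allowlist approach suggested in Reply #5. The function names and the sample cron commands are constructed for illustration.

```php
<?php
// Added example; function names are hypothetical, not part of cronlib.php.

// Denylist as posted above: reject when the command contains "ssh".
function denylist_rejects(string $command): bool
{
    return strpos($command, 'ssh') !== false;
}

// Allowlist as suggested in Reply #5: only php or curl may be scheduled.
function allowlist_accepts(string $command, array $allowed = ['php', 'curl']): bool
{
    $command = trim($command);
    // Refuse characters that let one crontab line run more than one
    // program: shell separators, substitution, redirection, newlines,
    // and "%", which cron itself turns into a newline.
    if ($command === '' || preg_match('/[;&|`$<>(){}%\\\\\r\n]/', $command)) {
        return false;
    }
    // The first token must be a bare allowed name; a path-qualified
    // binary is refused so a user-owned file named "php" cannot pass.
    $tokens = preg_split('/\s+/', $command);
    return in_array($tokens[0], $allowed, true);
}

// Constructed sample commands (assumptions, not taken from the thread).
$samples = [
    'php -q /home/user/cron/job.php',
    'curl -I http://example.com/cron.php',
    'ssh backup@host.example uptime',
    'perl /home/user/cleanup.pl',
    'php -q /home/user/sshkeys/report.php',
    'php -q job.php; perl cleanup.pl',
];

foreach ($samples as $cmd) {
    printf(
        "%-40s denylist=%-7s allowlist=%s\n",
        $cmd,
        denylist_rejects($cmd) ? 'reject' : 'accept',
        allowlist_accepts($cmd) ? 'accept' : 'reject'
    );
}
```

The denylist accepts the perl line and rejects the harmless php line whose path contains "ssh", while the allowlist does the opposite. An allowed interpreter can still run whatever its script contains, so this filter complements the chroot discussed in the thread rather than replacing it.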

Offline vpsbox

Re: [INFO] Jailkit for Kloxo-MR
« Reply #8 on: 2014-03-06, 04:18:54 »
Is that ready? Is it for 6.5.1 only?

Online MRatWork

Re: [INFO] Jailkit for Kloxo-MR
« Reply #9 on: 2014-03-06, 06:04:43 »
Jailkit is only for 6.5.1 because it's not easy to implement and I don't want to break the 6.5.0 code.

Jailkit is ready since 6.5.1.c (aka candidate release), and at this moment 6.5.1 is still in b (aka beta).

Offline vpsbox

Re: [INFO] Jailkit for Kloxo-MR
« Reply #10 on: 2014-03-08, 03:27:29 »
I saw that not too long ago 6.5.1 became beta; when should we expect the candidate release version? Is there any timing on that?

That will change Kloxo security for good.

Offline chrisf

Re: [INFO] Jailkit for Kloxo-MR
« Reply #11 on: 2014-04-25, 05:51:31 »
When will jailkit be implemented for us to test, Mustafa? I would like to allow perl scripts again for clients.

Online MRatWork

Re: [INFO] Jailkit for Kloxo-MR
« Reply #12 on: 2014-04-25, 06:30:15 »
It will be implemented after the c (candidate) release. C will be released after 'multiple php' is implemented.

Offline mvillanueva

Re: [INFO] Jailkit for Kloxo-MR
« Reply #13 on: 2014-06-11, 06:24:42 »
Why not try jailshell? I know it sounds very cPanel, but in fact jailshell had a free software fork (somewhere). If you jailshell a user, the user will still be able to execute jail-rooted commands, with the benefit of staying in their own directory all the time.

Online MRatWork

Re: [INFO] Jailkit for Kloxo-MR
« Reply #14 on: 2014-06-11, 06:44:56 »
Kloxo/Kloxo-MR already has lxjailshell (the same as jailshell in cPanel). Jailkit is not only a jail for the shell (aka jail_lsh) but also has other features (read http://olivier.sessink.nl/jailkit/).

 

