wiki:experiences:igraltist:jail_apache2
=>  Releases

Current version
Git/Latestdiff: 1.5.6

Latest Snapshots
Produced after each commit or rebase to new upstream version

GIT
RSBAC source code, can be unstable sometimes

=>  Events

No events planned

This is the modified apache2 init-script

--- apache2_orginal	2008-07-01 14:33:17.000000000 +0200
+++ apache2	2008-07-02 18:11:08.000000000 +0200
@@ -115,6 +115,8 @@
         	      fi
 		 done
 	fi
+	echo "sleeping a bit, otherwise the port is blocking from dieing apache"
+	sleep 2
 }
 
 # Stupid hack to keep lintian happy. (Warrk! Stupidhack!).
@@ -126,7 +128,9 @@
 		#ssl_scache shouldn't be here if we're just starting up.
 		[ -f /var/run/apache2/ssl_scache ] && rm -f /var/run/apache2/*ssl_scache*
 		log_begin_msg "Starting web server (apache2)..."
-		if $APACHE2CTL start; then
+#		if $APACHE2CTL start; then
+		$ENV run-jail apache2 /usr/sbin/apache2ctl start
+		if [ "$?" -eq 0 ]; then
                         log_end_msg 0
                 else
                         log_end_msg 1
@@ -148,7 +152,9 @@
                 fi
                 log_begin_msg "Reloading web server config..."
 		if pidof_apache; then
-                    if $APACHE2CTL graceful $2 ; then
+		    $ENV run-jail apache2 /usr/sbin/apache2ctl graceful reload
+                    #if $APACHE2CTL graceful $2 ; then
+		    if [ "$?" -eq 0 ]; then
                         log_end_msg 0
                     else
                         log_end_msg 1
@@ -160,7 +166,9 @@
 		if ! apache_sync_stop; then
                         log_end_msg 1
                 fi
-		if $APACHE2CTL start; then
+		$ENV run-jail apache2 /usr/sbin/apache2ctl start
+		if [ "$?" -eq 0 ]; then
+#		if $APACHE2CTL start; then
                         log_end_msg 0
                 else
                         log_end_msg 1
;
; RSBAC JAIL definition for apache2
; 20060502
;
; Tested by:
; Fuleki Miklos (RAk)
; Peter Busser (peter)
; Robert Penz (robert)
; igraltist on debian
;
""
"0.0.0.0"
(allow-dev-read
 allow-dev-write
 allow-all-net-family
 allow-inet-raw
 private-namespace)
(setuid
 setgid
 net-bind-service
 kill)
(sysctl)
(rlimit)
/etc/init.d/apache2 start 
Starting web server (apache2)...	
This is execute now:
rsbac_jail  -d -D -n -r -N -C  SETUID SETGID NET_BIND_SERVICE KILL -G  sysctl -M  rlimit  /usr/sbin/apache2ctl  start
//
wiki/experiences/igraltist/jail_apache2.txt · Last modified: 2008/07/14 02:39 by 127.0.0.1

wiki/experiences/igraltist/jail_apache2.txt · Last modified: 2008/07/14 02:39 by 127.0.0.1
This website is kindly hosted by m-privacy