\u8907\u6570\u306e\u304a\u4e92\u3044\u306b\u95a2\u4fc2\u304c\u306a\u3044\u30e6\u30fc\u30b6\u3078\u5171\u7528\u30b5\u30fc\u30d0\u3092\u63d0\u4f9b\u3057\u305f\u3044\u3068\u304d\u306b\u306f\u3001SSH\u3067\u30ed\u30b0\u30a4\u30f3\u3057\u305f\u30e6\u30fc\u30b6\u306f\u81ea\u5206\u306e\u74b0\u5883\u306f\u81ea\u7531\u306b\u4f7f\u3048\u307e\u3059\u304c\u3001\u4ed6\u306e\u30e6\u30fc\u30b6\u306e\u74b0\u5883\u306f\u53c2\u7167\u3067\u304d\u306a\u3044\u3001\u3068\u3044\u3063\u305f\u74b0\u5883\u3068\u306a\u308b\u3088\u3046\u306b\u8a2d\u5b9a\u3092\u3057\u3066\u63d0\u4f9b\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002
\n
\n\u3053\u3046\u3044\u3063\u305f\u74b0\u5883\u3092\u63d0\u4f9b\u3059\u308b\u65b9\u6cd5\u306e\u3072\u3068\u3064\u306b\u3001SSH\u306eChrootDirectory\u3092\u4f7f\u3046\u3068\u3044\u3046\u65b9\u6cd5\u304c\u3042\u308a\u307e\u3059\u3002\u305f\u3068\u3048\u3070\u3001hiro345\u30e6\u30fc\u30b6\u3078chroot\u74b0\u5883\u3092\u7528\u610f\u3059\u308b\u306b\u306f\u3001\u4e0b\u8a18\u306e\u3088\u3046\u306b\u3057\u307e\u3059\u3002AllowUsers \u3084 DenyUsers \u306e\u6307\u5b9a\u306fMatch\u3088\u308a\u524d\u306b\u8a18\u8f09\u3057\u307e\u3057\u3087\u3046\u3002<\/p>\n
\r\nMatch User hiro345\r\n ChrootDirectory \/chroot\/\r\n X11Forwarding no\r\n AllowTcpForwarding no\r\n<\/pre>\nsftp\u3092\u63d0\u4f9b\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b\u306a\u3089\u3001internal-sftp\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002<\/p>\n
\r\n#Subsystem sftp \/usr\/local\/libexec\/sftp-server\r\nSubsystem sftp internal-sftp\r\n<\/pre>\nSSH\u30ed\u30b0\u30a4\u30f3\u3092\u3057\u3066\u3001\u305d\u308c\u306a\u308a\u306b\u4f5c\u696d\u304c\u3067\u304d\u308b\u3088\u3046\u306b\u3059\u308b\u306b\u306f\u3001\u7d50\u69cb\u6e96\u5099\u304c\u5fc5\u8981\u3067\u3059\u3002\u307e\u305a\u306f\u3001chroot\u7528\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u7528\u610f\u3057\u3066\u3001\u305d\u3053\u3078\u5fc5\u8981\u306a\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\u3057\u307e\u3059\u3002chroot\u7528\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306f\u3001\u6240\u6709\u8005\u3092root\u3068\u3057\u3066\u3001755\u3068\u3057\u3066\u304a\u304b\u306a\u3044\u3068\u3044\u3051\u307e\u305b\u3093\uff08\u6700\u521d\u3001700\u306b\u3057\u3066\u306f\u307e\u308a\u307e\u3057\u305f\uff09\u3002\u3053\u3053\u306e\u4f8b\u3067\u306f\u3001ls, cat \u306e\u30b3\u30de\u30f3\u30c9\u3092\u4f7f\u3048\u308b\u3088\u3046\u306b\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n
\r\nmkdir \/chroot\r\nchmod 755 \/chroot\r\ncd \/\r\nmkdir -p \/chroot\/{bin,lib,lib64,var,home,etc,dev,usr}\r\ncp -p \/bin\/bash \/bin\/ls \/bin\/cat \/chroot\/bin\/ \r\n<\/pre>\nbash, ls, cat \u304c\u4f7f\u3063\u3066\u3044\u308b\u30e9\u30a4\u30d6\u30e9\u30ea\u3092\u8abf\u3079\u308b\u306b\u306f\u3001ldd\u30b3\u30de\u30f3\u30c9\u3092\u4f7f\u3044\u307e\u3059\u3002\u6b21\u306e\u3088\u3046\u306a\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u7528\u610f\u3057\u3066\u78ba\u8a8d\u3059\u308b\u306e\u304c\u3088\u3044\u3067\u3057\u3087\u3046\u3002<\/p>\n
\r\nfor t in `ldd \/chroot\/bin\/* | grep 0x | sort -u`; do\r\n echo $t|grep ".so.";\r\ndone | sort -u | grep lib64 > \/chroot\/lib.txt\r\n\r\nfor f in `cat \/chroot\/lib.txt`; do\r\n cp $f \/chroot\/$f; \r\ndone\r\n<\/pre>\n\u30d1\u30c3\u30b1\u30fc\u30b8\u304b\u3089\u5fc5\u8981\u306a\u30d5\u30a1\u30a4\u30eb\u3092\u629c\u304d\u51fa\u3059\u306b\u306f\u3001\u6b21\u306e\u3088\u3046\u306a\u30b9\u30af\u30ea\u30d7\u30c8\u304c\u5f79\u306b\u7acb\u3061\u307e\u3059\u3002<\/p>\n
\r\nfor f in `rpm -qs perl-5.10.1-119.el6_1.1.x86_64|grep "\/usr\/bin"|awk '{print $2}'`; do\r\n cp -a $f \/chroot\/$f;\r\ndone\r\n<\/pre>\n\/var\/tmp, \/tmp \u306f\u5ff5\u306e\u305f\u3081\u7528\u610f\u3057\u3066\u304a\u3044\u305f\u65b9\u304c\u826f\u3044\u3067\u3057\u3087\u3046\u3002chroot\u74b0\u5883\u3067\u30ed\u30b0\u30a4\u30f3\u3059\u308b\u30e6\u30fc\u30b6\u306e\u60c5\u5831\u306f\u3001\/chroot\/etc\/passwd, \/chroot\/etc\/group, \/chroot\/etc\/shadow \u306b\u7f6e\u304d\u307e\u3059\u3002Linux\u30e6\u30fc\u30b6\u306e\u60c5\u5831\u3068\u3057\u3066\u3001\/etc\/passwd, \/etc\/group, \/etc\/shadow \u306b\u767b\u9332\u304c\u5fc5\u8981\u3067\u3059\u304c\u3001\u305d\u306e\u4e2d\u304b\u3089\u3001chroot\u74b0\u5883\u306b\u5fc5\u8981\u306a\u30e6\u30fc\u30b6\uff08root\u3068\u304btty\u3068\u3044\u3063\u305f\u3082\u306e\u306f\u3059\u3079\u3066\u524a\u9664\u3057\u3066\u304a\u3044\u3066\u3044\u3044\uff09\u5206\u3060\u3051\u629c\u304d\u51fa\u3057\u3066\u7528\u610f\u3057\u307e\u3059\u3002<\/p>\n
\u52d5\u4f5c\u78ba\u8a8d\u6642\u306b\u3046\u307e\u304f\u3067\u304d\u306a\u3044\u3068\u304d\u306f\u3001\/lib, \/lib64, \/usr \u3042\u305f\u308a\u306f\u5168\u90e8\u30b3\u30d4\u30fc\u3057\u3066\u3057\u307e\u3066\u304b\u3089\u3001\u5f8c\u3067\u4e0d\u8981\u306a\u3082\u306e\u3092\u524a\u9664\u3057\u3066\u3044\u304f\u3068\u3044\u3046\u65b9\u6cd5\u3082\u30a2\u30ea\u3067\u3057\u3087\u3046\u3002<\/p>\n
\u6b21\u306e\u3088\u3046\u306a\u611f\u3058\u3067\u3001dev\u3082\u4f5c\u3063\u3066\u304a\u304d\u307e\u3059\u3002<\/p>\n
\r\nmkdir -p \/chroot\/dev\r\nmknod \/chroot\/dev\/null c 1 3\r\nmknod \/chroot\/dev\/zero c 1 5\r\nchmod 666 \/chroot\/dev\/*\r\n<\/pre>\nCentOS\u306a\u3089\u3001\/sbin\/MAKEDEV \u3092\u30b3\u30d4\u30fc\u3057\u3066\u4f5c\u308b\u3068\u3044\u3046\u65b9\u6cd5\u3082\u3042\u308a\u307e\u3059\u3002<\/p>\n
\r\ncp -a \/sbin\/MAKEDEV \/chroot\/dev\/\r\ncd \/chroot\/dev\r\n.\/MAKEDEV std\r\n<\/pre>\nSSH\u30ed\u30b0\u30a4\u30f3\u3092\u3059\u308b\u524d\u306b\u3001chroot\u30b3\u30de\u30f3\u30c9\u3092\u4f7f\u3063\u3066\u3001\u30ed\u30fc\u30ab\u30eb\u3067ls\u3084cat\u30b3\u30de\u30f3\u30c9\u304c\u52d5\u4f5c\u3059\u308b\u304b\u78ba\u8a8d\u3092\u3057\u3066\u304a\u304d\u307e\u3057\u3087\u3046\u3002<\/p>\n
\r\n# chroot \/chroot\/ \/bin\/bash\r\n# ls\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"\u8907\u6570\u306e\u304a\u4e92\u3044\u306b\u95a2\u4fc2\u304c\u306a\u3044\u30e6\u30fc\u30b6\u3078\u5171\u7528\u30b5\u30fc\u30d0\u3092\u63d0\u4f9b\u3057\u305f\u3044\u3068\u304d\u306b\u306f\u3001SSH\u3067\u30ed\u30b0\u30a4\u30f3\u3057\u305f\u30e6\u30fc\u30b6\u306f\u81ea\u5206\u306e\u74b0\u5883\u306f\u81ea\u7531\u306b\u4f7f\u3048\u307e\u3059\u304c\u3001\u4ed6\u306e\u30e6\u30fc\u30b6\u306e\u74b0\u5883\u306f\u53c2\u7167\u3067\u304d\u306a\u3044\u3001\u3068\u3044\u3063\u305f\u74b0\u5883\u3068\u306a\u308b\u3088\u3046\u306b\u8a2d\u5b9a\u3092\u3057\u3066\u63d0\u4f9b\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[1209,198],"class_list":["post-9147","post","type-post","status-publish","format-standard","hentry","category-linux","tag-linux","tag-ssh"],"_links":{"self":[{"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/posts\/9147","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/comments?post=9147"}],"version-history":[{"count":8,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/posts\/9147\/revisions"}],"predecessor-version":[{"id":9155,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/posts\/9147\/revisions\/9155"}],"wp:attachment":[{"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/media?parent=9147"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/categories?post=9147"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/tags?post=9147"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}