Security issue - just getting started
rick
rick.shelton at gmail.com
Fri Dec 31 10:13:09 PST 2004
i'm sure there are better explanations of these concepts than i can provide.
> I don't understand the concept of userland? (Userland vs ???)
userland and kernelspace have to do with which code is being executed.
system calls and lower level functionality come from the kernel.
> Throw in "chroot" and "jail" and I'm just completely lost.
jailing a process is the idea of creating a false virtual environment for a
program. the program believes that its environment is something completely
different from the real environment that is the entire system provided by the
operating system and its utilities.
for example, say i want to run an ftp server. running it straight from a
non-jailed environment means that the entire system environment is visible to
the service. but running the service from a chroot-ed environment would limit
what was visible to the ftp service. the ftp service would believe that the root
of the file system was something like /var/ftp/ instead of just /. then, no
matter what tomfoolery occurs, nothing above the /var/ftp/ directory would ever
be available to the ftp service. of course, breaking out of a jailed environment
is one of the goals of malicious users.
>
> Where can I get started on understanding FreeBSD security?
there are incredible amounts of information available on this subject online.
search for things like "freebsd security" and "unix security." but the real
first step is getting to know your system. log in as a regular user and see what
you can and can't do. look at your shell environment and see how it differs from
the root user's environment. things like that. understand file and directory
permissions and how they can be used with owner/group id's.
>
> I want to lock down my Apache based webserver properly.
> I don't want to JUST run a script like Bastille, except
> to learn from it. I need the understanding to move forward.
apache.org has some information about securing your installation. again, there
are incredible amounts of information available on this subject. i have read
that running apache in a chroot environment is a bad idea and that there are
better ways of securing the server. you may also want to read the apache bible.
it has lots of advice and examples. because it is geared toward someone who is
starting out, i would also recommend finding more involved discussion once
you're familiar with the basics. but it does seem like a fair enough starting
point. once you're running your service, try it out. see how much you can make
it do. then ask yourself if you really want it to do that.
as always, have a healthy mistrust of any service you run on your system. be
vigilant by watching out for security announcements and inspecting log files.
and never enable or allow for more than is necessary.
--
~rick
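
Added example, not part of the original message: how a service such as the ftp server described above could confine itself to /var/ftp with chroot and then give up root, so that "/" inside the process really means the jail directory. The function name enter_jail, the script name, the path and the uid/gid 65534 are assumptions made for illustration.

```python
import os
import sys


def enter_jail(jail_dir, uid, gid):
    """Confine this process to jail_dir, then permanently give up root."""
    if uid == 0 or gid == 0:
        raise ValueError("the jailed service must not keep running as root")
    os.chdir(jail_dir)   # step inside first, so no cwd is left outside the jail
    os.chroot(".")       # from here on "/" means jail_dir (only root may call this)
    os.chdir("/")
    os.setgroups([])     # drop supplementary groups inherited from root
    os.setgid(gid)       # group before user: after setuid() we could not change it
    os.setuid(uid)
    try:
        os.setuid(0)     # must fail now, otherwise root could be regained
    except PermissionError:
        return
    raise RuntimeError("root privileges were not dropped")


if __name__ == "__main__":
    # Run as root, e.g.: python3 jail_demo.py /var/ftp   (constructed script name)
    jail = sys.argv[1] if len(sys.argv) > 1 else "/var/ftp"
    try:
        enter_jail(jail, 65534, 65534)  # assumed unprivileged uid/gid ("nobody")
    except OSError as exc:
        sys.exit(f"could not enter jail {jail}: {exc}")
    # What the service now sees as "/" is really the contents of the jail.
    print("root directory as seen from inside:", sorted(os.listdir("/")))
    print("running as uid", os.getuid(), "gid", os.getgid())
```

The order matters: a process that keeps root after chroot is not really confined, which is why the function drops the group and user ids last and then checks that root cannot be regained.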