Safe Chrooted SSH Environments

[LordVader]

@iago:
What I take away from that isn't so much about specific programs that can or will potentially be exploited but as always falls back to admins,users and their actions in an environment..
Which can result in malicious code execution leading to the whole environment being compromised.

For me personally I'm not one to live in fear of such things happening and not do or provide what I normally would in  "ideal" situations, both in real life and in things like this.
So that brings me more or less back to the original question of what would most people consider fairly safe must have tools, that you would want to have access to ideally for web/personal use.

Also raises a second question based off the assumption that at some point the chroot environment can possibly fail.. and how to best protect you're network and the outside world from the consiquences of such a failure.

My general experience would say:
1) Descent router/firewall setup that seperates the "Public" servers that are potentially vulnerable, from the rest of you're network.
2) Active anti virus, rootkit, other scanning.
3) Active Security Auditing.
4) Staying aware and upto date with security information in general.
5) Backups, and more Backups.. did I mention backups?

Would provide a fairly descent margin for error/failure on the public frontend servers, that could be restored, updated and fixed if something did go bad.

Anyway this is very helpfull to me im fairly new to bsd/*nix, less then a year but im not one to do things without doing research so i've learned alot and still learning..
Things like this help me make sure im clear and approaching things correctly..
As always thanks for the input it's always appreciated..

Any idea's/suggestions/critique to further things is always welcome.

@nslay:
That is correct no su or sudo access i'm trying to provide direct chrooted access to only specific tools in a webserver environment.
Thru a control panel (ispconfig) I create users, and can assign them ftp/email/ssh/other access etc. all chrooted.
So personally i'm looking to find out what may be considered safe to provide for users, that may aid in editing html or setting up php scripts/software, which is why I was asking about nano/vim etc.
But also the general discussion about chroot in general and using apps and the security ramifications are also very welcome it's good to know and read for me, and im sure others also.

[nslay]

Don't forget the securelevels in BSD, and there is rootkit driver developed to combat rootkits in Linux.  I don't remember what it was called, but it was released at defcon.

[LordVader]

What I have gathered mostly so far..

Ping:
Can be sketchy as it does exec higher priv's internally and may lead to bad things, not to mention the things users can do with ping so to provide/use at own risk.

Nano/Vim:
Outside of the "unknown" would generally be considered safe in themselve's, but may lead to bad things if something unknown or unexpected compromises the chroot environment or raises priv. levels etc..

Other:
Mostly the same as nano/vim, use with caution find out what they are and how they execute and handle user priv's interally, and follow the previous guildlines and you can be fairly confident what to and not to use.


As well as generally doing research, learning how to be a descent admin and staying ontop of things as I mentioned previously as always.

[iago]

Just for the record, my posts in this thread weren't referring to a chrooted environment, but only to potential vulnerabilities in vim.

If vim can be exploited, and the user has su/sudo access, then there's a very good chance of obtaining root.

[LordVader]

@iago:
So making sure to seperate any tools from su/sudo by not providing su/sudo in a chroot environment "should" for the most part limit the risk of abuse correct?

*Edit: in general and specifically in regards to vim etc.

[nslay]

You know, if you're really worried about keeping up with known vulnerabilities
I recommend Free/OpenBSD with portaudit installed.  portaudit will automatically audit the installed applications for known vulnerabilities.
Here's an example output:

LIGHTBULB# portaudit -Fda
auditfile.tbz                                 100% of   42 kB  119 kBps
New database installed.
Database created: Tue May 29 11:40:06 EDT 2007
0 problem(s) in your installed packages found.

Also, subscribing to the announcement/security mailing list will keep up to date on vulnerabilities in the Free/OpenBSD kernel and userland.

[LordVader]

Yes at some point I fully intend to shift to freebsd or openbsd, but im still learning and currently am depending on a control panel "ispconfig" on debian linux to help automate user creation and such for my web environemt.

I have several different systems setup in vmware and constantly am playing but currently for what I need debian + ispconfig is the best solution i've found for hosting domains/users etc..

At some point i'm going to shift from paid hosting to hosting all my sites myself and possibly a friend or two as needed, which at that point I do hope to be walking outside of ispconfig and linux and on freebsd or openbsd

I'm soso on freebsd now as far as using ports, cvsup etc, portmanager/portupgrade/portaudit etc..
But as far as running a live server environment and automating usercreation and such..
eg: one script or form to create users for several different apps in a controled environment etc..
I'm far from that yet.. but im learning and headed in that direction =)

I use these sites as a reference for most things *nix related:
http://www.bsdguides.org, http://www.bsdguides.org/guides <<-- for "bsd's"
http://www.howtoforge.com/ <<-- for various linux distro's and some bsd stuff.
www.google.com && www.ask.com <-- for everything else, or stuff I can't find on those sites.

[iago]

@iago:
So making sure to seperate any tools from su/sudo by not providing su/sudo in a chroot environment "should" for the most part limit the risk of abuse correct?

*Edit: in general and specifically in regards to vim etc.

Yes, let me just highlight the important points of my last post:

Just for the record, my posts in this thread weren't referring to a chrooted environment, but only to potential vulnerabilities in vim.

If vim can be exploited, and the user has su/sudo access, then there's a very good chance of obtaining root.

So yes, if you don't have users with administrative accounts, you're fine. I'm talking about a totally different situation.