[uidbasics]
|
# this section probably needs adjustment on 64bit systems
|
# or non-Linux systems
|
comment = common files for all jails that need user/group information
|
libraries = /lib/libnsl.so.1, /lib64/libnsl.so.1, /lib/libnss*.so.2, /lib64/libnss*.so.2, /lib/x86_64-linux-gnu/libnss*.so.2
|
regularfiles = /etc/nsswitch.conf, /etc/ld.so.conf
|
|
[netbasics]
|
comment = common files for all jails that need any internet connectivity
|
libraries = /lib/libnss_dns.so.2, /lib64/libnss_dns.so.2, /lib/x86_64-linux-gnu/libnss_dns.so.2
|
regularfiles = /etc/resolv.conf, /etc/host.conf, /etc/hosts, /etc/protocols
|
|
[logbasics]
|
comment = timezone information
|
regularfiles = /etc/localtime
|
need_logsocket = 1
|
|
[jk_lsh]
|
comment = Jailkit limited shell
|
executables = /usr/sbin/jk_lsh
|
regularfiles = /etc/jailkit/jk_lsh.ini
|
users = root
|
groups = root
|
need_logsocket = 1
|
includesections = uidbasics
|
|
[limitedshell]
|
comment = alias for jk_lsh
|
includesections = jk_lsh
|
|
[cvs]
|
comment = Concurrent Versions System
|
executables = /usr/bin/cvs
|
devices = /dev/null
|
|
[git]
|
comment = Fast Version Control System
|
executables = /usr/bin/git*
|
directories = /usr/share/git-core
|
includesections = editors
|
|
[scp]
|
comment = ssh secure copy
|
executables = /usr/bin/scp
|
includesections = netbasics, uidbasics
|
devices = /dev/urandom
|
|
[sftp]
|
comment = ssh secure ftp
|
executables = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, /usr/lib/misc/sftp-server, /usr/libexec/sftp-server
|
includesections = netbasics, uidbasics
|
devices = /dev/urandom, /dev/null
|
|
[ssh]
|
comment = ssh secure shell
|
executables = /usr/bin/ssh
|
includesections = netbasics, uidbasics
|
devices = /dev/urandom, /dev/tty
|
|
[rsync]
|
executables = /usr/bin/rsync
|
includesections = netbasics, uidbasics
|
|
[procmail]
|
comment = procmail mail delivery
|
executables = /usr/bin/procmail, /bin/sh
|
devices = /dev/null
|
|
[basicshell]
|
comment = bash based shell with several basic utilities
|
executables = /bin/sh, /bin/bash, /bin/ls, /bin/cat, /bin/chmod, /bin/mkdir, /bin/cp, /bin/cpio, /bin/date, /bin/dd, /bin/echo, /bin/egrep, /bin/false, /bin/fgrep, /bin/grep, /bin/gunzip, /bin/gzip, /bin/ln, /bin/ls, /bin/mkdir, /bin/mktemp, /bin/more, /bin/mv, /bin/pwd, /bin/rm, /bin/rmdir, /bin/sed, /bin/sh, /bin/sleep, /bin/sync, /bin/tar, /bin/touch, /bin/true, /bin/uncompress, /bin/zcat
|
regularfiles = /etc/motd, /etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile
|
directories = /usr/lib/locale/en_US.utf8
|
users = root
|
groups = root
|
includesections = uidbasics
|
|
[midnightcommander]
|
comment = Midnight Commander
|
executables = /usr/bin/mc, /usr/bin/mcedit, /usr/bin/mcview
|
directories = /etc/terminfo, /usr/share/terminfo, /usr/share/mc
|
includesections = basicshell
|
|
[extendedshell]
|
comment = bash shell including things like awk, bzip, tail, less
|
executables = /usr/bin/awk, /usr/bin/bzip2, /usr/bin/bunzip2, /usr/bin/ldd, /usr/bin/less, /usr/bin/clear, /usr/bin/cut, /usr/bin/du, /usr/bin/find, /usr/bin/head, /usr/bin/less, /usr/bin/md5sum, /usr/bin/nice, /usr/bin/sort, /usr/bin/tac, /usr/bin/tail, /usr/bin/tr, /usr/bin/sort, /usr/bin/wc, /usr/bin/watch, /usr/bin/whoami
|
includesections = basicshell, midnightcommander, editors
|
|
[editors]
|
comment = vim, joe and nano
|
executables = /usr/bin/joe, /usr/bin/nano, /usr/bin/vi, /usr/bin/vim, /usr/bin/pico
|
regularfiles = /etc/vimrc
|
directories = /etc/joe, /etc/terminfo, /usr/share/vim, /usr/share/terminfo, /lib/terminfo
|
|
[netutils]
|
comment = several internet utilities like wget, ftp, rsync, scp, ssh
|
executables = /usr/bin/wget, /usr/bin/lynx, /usr/bin/ftp, /usr/bin/host, /usr/bin/rsync, /usr/bin/smbclient
|
includesections = netbasics, ssh, sftp, scp
|
|
[apacheutils]
|
comment = htpasswd utility
|
executables = /usr/bin/htpasswd
|
|
[extshellplusnet]
|
comment = alias for extendedshell + netutils + apacheutils
|
includesections = extendedshell, netutils, apacheutils
|
|
[openvpn]
|
comment = jail for the openvpn daemon
|
executables = /usr/sbin/openvpn
|
users = root,nobody
|
groups = root,nogroup
|
includesections = netbasics
|
devices = /dev/urandom, /dev/random, /dev/net/tun
|
includesections = netbasics, uidbasics
|
need_logsocket = 1
|
|
[apache]
|
comment = the apache webserver, very basic setup, probably too limited for you
|
executables = /usr/sbin/apache
|
users = root, www-data
|
groups = root, www-data
|
includesections = netbasics, uidbasics
|
|
[perl]
|
comment = the perl interpreter and libraries
|
executables = /usr/bin/perl
|
directories = /usr/lib/perl, /usr/lib/perl5, /usr/share/perl, /usr/share/perl5
|
|
[xauth]
|
comment = getting X authentication to work
|
executables = /usr/bin/X11/xauth
|
regularfiles = /usr/X11R6/lib/X11/rgb.txt, /etc/ld.so.conf
|
|
[xclients]
|
comment = minimal files for X clients
|
regularfiles = /usr/X11R6/lib/X11/rgb.txt
|
includesections = xauth
|
|
[vncserver]
|
comment = the VNC server program
|
executables = /usr/bin/Xvnc, /usr/bin/Xrealvnc
|
directories = /usr/X11R6/lib/X11/fonts/
|
includesections = xclients
|
|
|
#[xterm]
|
#comment = xterm
|
#executables = /usr/bin/X11/xterm
|
#directories = /usr/share/terminfo, /etc/terminfo
|
#devices = /dev/pts/0, /dev/pts/1, /dev/pts/2, /dev/pts/3, /dev/pts/4, /dev/ptyb4, /dev/ptya4, /dev/tty, /dev/tty0, /dev/tty4
|