Fwmon Firewall Monitor (v1.1.0) - Setting up your chroot jail
-------------------------------------------------------------------------

STEP 1. Directory structure

First decide on a directory location where you will create your chroot
jail; in this example we use /var/fwmon. We also need a place inside the
jail for the files fwmon depends on.

  mkdir -p /var/fwmon/
  mkdir -p /var/fwmon/etc

STEP 2. Copy in the needed files

Fwmon needs 2 files: /etc/protocols, to resolve protocol numbers to names
(eg: TCP, UDP, ...), and /etc/localtime, which makes sure fwmon reports
the time according to your system's timezone.

  cp /etc/protocols /var/fwmon/etc/
  cp /etc/localtime /var/fwmon/etc/

Note that on many systems /etc/localtime is a symlink into
/usr/share/zoneinfo. A symlink copied into the jail points nowhere once
fwmon has chrooted, so copy the file it points to (cp -L) rather than the
link itself.

STEP 3. Deciding on a UID and GID

You can use any UID or GID with fwmon. Low UIDs and GIDs (below 500 or
1000, depending on the distribution) are usually reserved for system
accounts, so it is recommended you find an unused one. As an example, we
choose 250. The account only exists to own the fwmon process, so it needs
no password and no login shell.

  groupadd -g 250 fwmon
  useradd -g 250 -u 250 fwmon

Now, you will need to make sure this new UID can actually read the chroot
jail and the files in it:

  chown -R fwmon:fwmon /var/fwmon/etc/

Give the fwmon user ownership of only what it needs (the copied files and
wherever it writes its logs). The jail root itself should stay owned by
root and must not be writable by fwmon: a process that can write to its
own chroot root has a much easier time escaping it.

STEP 4. Running fwmon

You are now ready to run fwmon ([...] is where you put your usual
options). Be aware that when you specify logfiles you must specify them
relative to the chroot. eg: '-l /logfile.txt' actually logs to
/var/fwmon/logfile.txt, so that location must be writable by the fwmon
user.

  /usr/sbin/fwmon -d -c /var/fwmon -u 250 -g 250 [...]

STEP 5. HUPping fwmon

If you have a log rotation system set up, you may want to HUP fwmon after
you rotate logs so that it closes the old logs and opens the new ones.
This works fine from within the chroot.

KNOWN PROBLEMS

- Syslog doesn't seem to work from within the chroot. The usual cause is
  that the /dev/log socket the libc syslog() call writes to lives outside
  the jail; most syslog daemons can be configured to listen on an
  additional socket (eg: /var/fwmon/dev/log) to work around this.
- Chroot jails can be broken out of, especially if you don't drop root
  privs. Always pass -u and -g so fwmon runs as the unprivileged UID and
  GID rather than root inside the jail.
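Putting the five steps together, here is a script that builds the jail,
creates the account, sanity-checks the result and prints the daemon
command line. It is an added example, not code from the fwmon project or
from this document. The JAIL, SRC_ETC and FWMON_* variables, the /log
subdirectory for fwmon's output, the /sbin/nologin shell and the use of
procps pkill for SIGHUP are all assumptions made for the example; the
filesystem steps are parameterised so they can be tried against a scratch
directory before touching /var/fwmon, while create_account needs root.

```shell
#!/bin/sh
# Added example (not part of fwmon or this page): build, check and drive the
# fwmon chroot jail. Assumed, not taken from the page: the JAIL/SRC_ETC/FWMON_*
# variables, the /log subdirectory for fwmon's logs, /sbin/nologin as the
# account shell, and procps pkill for delivering SIGHUP.

JAIL="${JAIL:-/var/fwmon}"       # chroot root
SRC_ETC="${SRC_ETC:-/etc}"       # where protocols and localtime are copied from
FWMON_USER="${FWMON_USER:-fwmon}"
FWMON_UID="${FWMON_UID:-250}"
FWMON_GID="${FWMON_GID:-250}"

# STEP 1 + 2: directory tree and the two files fwmon needs. cp -L copies the
# target of a symlink: /etc/localtime usually links into /usr/share/zoneinfo,
# which is unreachable once fwmon has chrooted.
build_jail() {
    mkdir -p "$JAIL/etc" "$JAIL/log" || return 1
    chmod 0755 "$JAIL"               # jail root readable, writable only by owner
    for f in protocols localtime; do
        if [ ! -e "$SRC_ETC/$f" ]; then
            echo "build_jail: $SRC_ETC/$f not found" >&2
            return 1
        fi
        cp -L "$SRC_ETC/$f" "$JAIL/etc/$f" || return 1
    done
}

# STEP 3: dedicated account (root only). The jail root stays owned by root;
# only etc/ (read) and log/ (write) are handed to the fwmon user.
create_account() {
    getent group "$FWMON_USER" >/dev/null 2>&1 ||
        groupadd -g "$FWMON_GID" "$FWMON_USER" || return 1
    getent passwd "$FWMON_USER" >/dev/null 2>&1 ||
        useradd -u "$FWMON_UID" -g "$FWMON_GID" -d "$JAIL" -s /sbin/nologin \
            "$FWMON_USER" || return 1
    chown -R "$FWMON_USER:$FWMON_USER" "$JAIL/etc" "$JAIL/log"
}

# Pre-flight checks: both files present and usable, and the jail root not
# writable by group or others (a writable chroot root makes escapes easier).
check_jail() {
    [ -f "$JAIL/etc/localtime" ] ||
        { echo "check_jail: etc/localtime missing" >&2; return 1; }
    grep -q '^tcp' "$JAIL/etc/protocols" 2>/dev/null ||
        { echo "check_jail: etc/protocols missing or unusable" >&2; return 1; }
    if [ -n "$(find "$JAIL" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "check_jail: $JAIL is group- or world-writable" >&2
        return 1
    fi
}

# STEP 4: log paths given to fwmon are relative to the jail.
host_path_for_log() {            # host_path_for_log /logfile.txt -> $JAIL/logfile.txt
    printf '%s/%s\n' "${JAIL%/}" "${1#/}"
}

fwmon_cmd() {                    # daemon invocation; -u/-g drop root inside the jail
    printf '%s\n' "/usr/sbin/fwmon -d -c $JAIL -u $FWMON_UID -g $FWMON_GID -l /log/fwmon.log"
}

# STEP 5: after log rotation, make fwmon reopen its logs (assumes procps pkill).
hup_fwmon() {
    pkill -HUP -x fwmon
}

case "${1:-}" in
    setup) build_jail && create_account && check_jail && echo "run: $(fwmon_cmd)" ;;
    check) check_jail && echo "$JAIL looks usable" ;;
    hup)   hup_fwmon ;;
    "")    ;;
    *)     echo "usage: $0 setup|check|hup" >&2; exit 2 ;;
esac
```

Run it as root with `setup` once, then `check` before each start and
`hup` from your logrotate postrotate hook. Pointing JAIL and SRC_ETC at a
scratch directory lets you exercise build_jail and check_jail as an
ordinary user first.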