Forum

Page 1 of 2 12 LastLast
Results 1 to 15 of 22
  1. #1
    Join Date
    July 2012
    Posts
    25

    issue chrooting ts3

    Is there a way to invoke ts3server_linux_x86 directly without using a shell .sh script?

    Also has anyone managed to get a chroot to work with ts3, or am I stuck with the less secure and unsupported ts2?

  2. #2
    Join Date
    July 2012
    Posts
    25
    I think some background is in order. It is a FC14 x86 VM I pay to have hosted.

    I currently have enemy-territory successfully chrooted and running screen on it. (http://tjw.org/etded/ <---good start)
    ET itself takes up about 80% of resident memory due to amount of modifications present. Before my last compromised event I had it on a daily reboot schedule. I have managed to tweak things now and things have been running for almost 3 months with no issues at this point with no reboots.

    I can get teamspeak3 to run if not in a chroot.

    The concern is one of making it more hack proof, given TS's history of being quite hackable due to default insecure behavior of the application itself. Some of that behavior can be modified, however.

    I can get it to run with screen and get it to run with init scripts. The problem is I want to invoke screen as I chroot it as I have with ET.

    The other thing that is occuring to me is that I may not be able to run concurrent Chroot jail directory structures. I can try adding the teamspeak daemon to the existing chroot and see if I can make it run that way which is the only thing I have not tried as of yet.

    The other thing to point out is that with the new era of virtualization there has been an emphasis removed from file system rights and security lock down as "It's a VM, I can just reload the latest snapshot". This is a bad precedence and habit. Just having another level of safety and security does not remove your responsibility to lock down your systems.

    Now that you have some background on my brain wracking conundrum, does anyone have any input on what one might do to help lock things down properly?

  3. #3
    Join Date
    January 2010
    Location
    Germany
    Posts
    2,029
    Code:
    cd /path/to/teamSpeak/Folder && export LD_LIBRARY_PATH="." && ./ts3server_linux_<arch>
    should work in theory.

  4. #4
    Join Date
    July 2012
    Posts
    25
    I had to rebuild with stock steps from:
    http://www.feldstudie.net/2009/12/22...how-to-chroot/

    It then worked on the new built from scratch dir structure.

    I found that this command seemed to launch it by itself:
    cd /home/chroot/ts3/home/ts3 && export LD_LIBRARY_PATH="." && ./ts3server_linux_x86 dbplugin=ts3db_mysql
    since I want to use MYSQL.

  5. #5
    Join Date
    July 2012
    Posts
    25
    2012-07-24 01:06:55.281592|INFO |ServerLibPriv | | TeamSpeak 3 Server 3.0.6 (2012-06-21 04:43:35)
    2012-07-24 01:06:55.369072|INFO |DatabaseQuery | | dbPlugin name: MySQL plugin, (c)TeamSpeak Systems GmbH
    2012-07-24 01:06:55.369170|INFO |DatabaseQuery | | dbPlugin version: 1
    2012-07-24 01:06:55.702698|ERROR |DatabaseQuery | | mysql_real_connect() failed with error: Access denied for user 'root'@'localhost' (using password: NO)
    2012-07-24 01:06:55.702795|CRITICAL|ServerLibPriv | | Server() DatabaseError

    Now I just can't seem to get su to see the user account, but I have always had that problem. Given that it is Fedora Core I have to wonder if the folks haven't done something weird with chroot to cause it to only allow one chroot directory structure.

    With the enemy territory server running for 90 days without a reboot, I don't think a reboot would fix things.

  6. #6
    Join Date
    July 2012
    Posts
    25
    for the database part I did this:
    shell> mysql -u root
    mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('newpwd');
    mysql> SET PASSWORD FOR 'root'@'127.0.0.1' = PASSWORD('newpwd');
    # mysql -u root -p
    use mysql;
    INSERT INTO user (Host,User,Password) VALUES('%','teamspeak',PASSWORD('pwd'));
    flush privileges;

    create database teamspeak;
    grant all privileges on teamspeak.* to [email protected];
    flush privileges;

    Then I figured out things by RingTFM
    ./ts3server_linux_x86 dbplugin=ts3db_mysql dbsqlcreatepath=create_mysql/
    that gets it to use the mysql plugin instead of the default sqllite plugin

    I run this string in chroot:
    export LD_LIBRARY_PATH="/home/ts3" && /home/ts3/ts3server_linux_x86 dbpluginparameter=ts3db_mysql.ini dbplugin=ts3db_mysql inifile=ts3server.ini

    the passwd file in the chroot:
    ts3:x:611:611::/home/ts3:/home/ts3/ts3server_linux_x86
    the relevant line in the /etc/passwd file
    ts3:x:611:611::/home/chroot/ts3:

    Then I noticed I need to allow the user on the db
    grant all privileges on teamspeak.* to [email protected];
    flush privileges;

  7. #7
    Join Date
    July 2012
    Posts
    25
    I got it somewhat working at this point:
    running: chroot /home/chroot/ts3 su - ts3

    gets:

    2012-07-26 01:00:50.528730|INFO |ServerLibPriv | | TeamSpeak 3 Server 3.0.6 (2012-06-21 04:43:35)
    ERROR: openFile( file:logs/ts3server_2012-07-26__01_00_50.527255_0.log) failed
    2012-07-26 01:00:50.529967|INFO |DatabaseQuery | | Please make sure you use the supplied ts3server_minimal_runscript.sh to run the server, or set LD_LIBRARY_PATH yourself
    ERROR: openFile( file:logs/ts3server_2012-07-26__01_00_50.527255_0.log) failed
    2012-07-26 01:00:50.530038|CRITICAL|DatabaseQuery | | unable to load database plugin library "libts3db_sqlite3.so", halting!
    ERROR: openFile( file:logs/ts3server_2012-07-26__01_00_50.527255_0.log) failed
    You have new mail in /var/spool/mail/root

    To get to that point I had to edit /etc/passwd to:
    ts3:x:611:611::/home/chroot/ts3/./home/ts3:

    and edit /home/chroot/ts3 to:
    ts3:x:611:611::/home/ts3:/home/ts3/ts3server_linux_x86

    To come to the conclusion I needed to change the account on /etc/passwd I had to run:
    jk_jailuser -m -j /home/chroot/ts3 testuser
    I then copied the resulting line in /etc/passwd to the ts3 account.

  8. #8
    Join Date
    January 2010
    Location
    Germany
    Posts
    2,029
    Make sure the libts3db_sqlite.so is executable (+x) and owned by the user who is running the ts3 server. Aso use ts3server_startscript.sh start to run the server!

  9. #9
    Join Date
    July 2012
    Posts
    25
    Quote Originally Posted by SilentStorm View Post
    Make sure the libts3db_sqlite.so is executable (+x) and owned by the user who is running the ts3 server. Aso use ts3server_startscript.sh start to run the server!
    You do make a very valid point, and that is how one would normally do it. But, as others at my work have said, I invented the box since I think outside of it so much.

    I have looked over the scripts and I can see some great amounts have been thought to try and "idiot proof" things. The other thing I am trying to do in all of this is learn and understand linux to a greater extent.

    The other thing is that scripts can be modified. To prevent malicious alteration and execution, I am trying to set it so that I can directly launch the program so that I can call it using screen.

    I do greatly appreciate your comment, and if I can't get things to otherwise work, I will use your recommendation. I will probably use it in any case when I go to turn the launching of the program to a true service.

  10. #10
    Join Date
    July 2002
    Location
    Germany
    Posts
    2,192
    The user running the server will need permissions to create files in the logs subdirectory.

    The failure to load libts3db_sqlite3.so can have multiple causes: Make sure your LD_LIBRARY_PATH is indeed set correctly, and also make sure that the user running teamspeak has read permissions on the library.
    You think my answer is stupid ? Read This:
    http://www.catb.org/~esr/faqs/smart-...ons.html#intro

    In a world without fences and walls - who needs windows and gates ?

  11. #11
    Join Date
    July 2012
    Posts
    25
    Hmm... I already had TS3 set to own everything. It appears that I must chroot mysql as well. I am not sure if that deficiency is not causing the errors when invoking the executable alone.

    chroot /home/chroot/ts3 su - ts3
    2012-07-28 14:00:42.099825|INFO |ServerLibPriv | | TeamSpeak 3 Server 3.0.6 (2012-06-21 04:43:35)
    2012-07-28 14:00:42.117070|INFO |DatabaseQuery | | Please make sure you use the supplied ts3server_minimal_runscript.sh to run the server, or set LD_LIBRARY_PATH yourself
    2012-07-28 14:00:42.117141|CRITICAL|DatabaseQuery | | unable to load database plugin library "libts3db_sqlite3.so", halting!
    [[email protected] bin]# chroot /home/chroot/ts3 su - ts3 dbpluginparameter=ts3db_mysql.ini dbplugin=ts3db_mysql inifile=ts3server.ini
    2012-07-28 14:02:28.140928|INFO |ServerLibPriv | | TeamSpeak 3 Server 3.0.6 (2012-06-21 04:43:35)
    2012-07-28 14:02:28.217638|INFO |DatabaseQuery | | dbPlugin name: MySQL plugin, (c)TeamSpeak Systems GmbH
    2012-07-28 14:02:28.217774|INFO |DatabaseQuery | | dbPlugin version: 1
    2012-07-28 14:02:28.231433|ERROR |DatabaseQuery | | mysql_real_connect() failed with error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
    2012-07-28 14:02:28.231693|CRITICAL|ServerLibPriv | | Server() DatabaseError

  12. #12
    Join Date
    July 2012
    Posts
    25
    having already installed mysql i Muxxed things up slightly. I had to copy all files for mysql to:
    /home/chroot/ts3/var/lib and preserve the directory structure.

    If I forgot a file I would get this error:
    Starting MySQL ERROR! Couldn't find MySQL manager (/home/chroot/ts3/var/lib/mysql/bin/mysqlmanager) or server (/home/chroot/ts3/var/lib/mysql/bin/mysqld_safe)

    Apparently file relational location has to be preserved as well.
    Source file locations:
    /var/lib/mysql
    /usr/bin (anything mysql)
    /usr/lib/mysql
    /usr/sbin (anything mysql)

    Then I had to edit /etc/init.d/mysql and add this:
    basedir=/home/chroot/ts3/var/lib/mysql
    datadir=/home/chroot/ts3/var/lib/mysql

    If you are doing a fresh install this may be a better option:
    http://www.symantec.com/connect/arti...ysql-step-step

  13. #13
    Join Date
    July 2012
    Posts
    25
    had to add /etc/my.cnf
    with:

    [client]
    port=3306
    socket=/home/chroot/ts3/var/lib/mysql/mysql.sock

    [mysqld]
    port=3306
    socket=/home/chroot/ts3/var/lib/mysql/mysql.sock
    key_buffer_size=16M
    max_allowed_packet=8M

    [mysqldump]
    quick

    I had to fix these issues:
    '/var/lib/mysql/mysql.sock' (13) chmod mysql dir to 755
    '/var/lib/mysql/mysql.sock' (2) ledit socket lines on the my.cnf file
    '/var/lib/mysql/mysql.sock' (111) delete mysql.sock (has bad info causing the problem)
    mysqladmin -u root -p status shows if server is running or not and it's status

    Now I get:
    chroot /home/chroot/ts3 su - ts3 dbpluginparameter=ts3db_mysql.ini dbplugin=ts3db_mysql inifile=ts3server.ini
    2012-07-29 13:02:57.910953|INFO |ServerLibPriv | | TeamSpeak 3 Server 3.0.6 (2012-06-21 04:43:35)
    2012-07-29 13:02:57.976238|INFO |DatabaseQuery | | dbPlugin name: MySQL plugin, (c)TeamSpeak Systems GmbH
    2012-07-29 13:02:57.976352|INFO |DatabaseQuery | | dbPlugin version: 1
    2012-07-29 13:02:58.165541|ERROR | | | Error reading the PRNG.
    2012-07-29 13:02:58.171491|CRITICAL| | | Encryption::initialize not called (yet)!!


    Further along, we are.

  14. #14
    Join Date
    July 2012
    Posts
    25
    I will try compiling from source as mentioned in the symantec article. I believe some hard coded depdencies are causing some issues with TS3 and MySQL trying to connect to the database in the jailed structure

    source that works from the horses mouth:
    http://dev.mysql.com/downloads/
    download version 5.0 ONLY!!!!
    Last edited by inbredhill; July 29th, 2012 at 10:37 PM. Reason: added link

  15. #15
    Join Date
    July 2012
    Posts
    25
    I got it working compiled from source but get stopped trying to initialize encryption

    chroot /home/chroot/ts3 su - ts3 dbpluginparameter=ts3db_mysql.ini dbplugin=ts3db_mysql inifile=ts3server.ini
    2012-08-11 13:14:13.236694|INFO |ServerLibPriv | | TeamSpeak 3 Server 3.0.6 (2012-06-21 04:43:35)
    2012-08-11 13:14:13.297379|INFO |DatabaseQuery | | dbPlugin name: MySQL plugin, (c)TeamSpeak Systems GmbH
    2012-08-11 13:14:13.297484|INFO |DatabaseQuery | | dbPlugin version: 1
    2012-08-11 13:14:13.363940|ERROR | | | Error reading the PRNG.
    2012-08-11 13:14:13.374628|CRITICAL| | | Encryption::initialize not called (yet)!!

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. TS Issue
    By JoshO in forum Client Support
    Replies: 0
    Last Post: March 5th, 2014, 08:49 PM
  2. mic issue
    By ExtremeRuneGuides in forum Client Support
    Replies: 1
    Last Post: May 10th, 2013, 09:29 AM
  3. ts3 issue
    By crazedstickman in forum Client Support
    Replies: 2
    Last Post: August 5th, 2010, 10:23 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •