{"description": "Running <tt>httpd</tt> inside a <tt>chroot</tt> jail is designed to isolate the\nweb server process to a small section of the filesystem, limiting the damage if\nit is compromised. Versions of Apache later than 2.2.10 (such as the one\nincluded with Ubuntu 22.04) provide the <tt>ChrootDir</tt> directive. To run Apache\ninside a chroot jail in <tt>/chroot/apache</tt>, add the following line to\n<tt>/etc/httpd/conf/httpd.conf</tt>: <pre>ChrootDir /chroot/apache</pre> This\nnecessitates placing all files required by <tt>httpd</tt> inside\n<tt>/chroot/apache</tt>, including <tt>httpd</tt>'s binaries, modules,\nconfiguration files, and served web pages. The details of this configuration\nare beyond the scope of this guide. This may also require additional SELinux\nconfiguration.", "warnings": [], "requires": [], "conflicts": [], "values": {}, "groups": {}, "rules": {}, "platform": "", "platforms": [], "inherited_platforms": [], "cpe_platform_names": [], "title": "Run httpd in a chroot Jail if Practical", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_chroot/group.yml"}