Generating a random password from command line

The following uses openssl to generate a random binary sequence “N” bytes long encoded in hex or base64. The “N” is all important. If you use base64 you get uppercase characters in the string which some sites require, you can also use hex which makes for a more readable string but it will be longer. If the people cracking your password are using an offline database (rainbow table) to crack the password longer random strings are better (this assumes they don’t know how you encoded your random bytes).

openssl -rand -base64 32

openssl -rand -hex 32

How long should “N” actually be? This table at wikipedia lists the given entropy in bits for various character sets. If using hex and you want 80 bits of entropy you need 16 bytes. Base64 is not listed but the character set has 64 symbols so the entropy is similar to the case sensitive with numbers which has 62 symbols so 80 bits would require 12 bytes. The number of bits you choose for entropy is up to you. Generally the longer the better and with tools like LastPass there are no reasons not to use 20 or more bytes per password.

Chrooting Squid, Apache and Perl

Is fairly straight forward.
You will need to be able to use the following commands with some confidence
ldd
strace
rsync
cp
Tips. When copying files make sure your umask is set to 022 and alias cp as follows:
alias cp=”cp -p”
If you are copying over any perl XS files ie *.so files make sure you also use ldd on these. As an example the PostgreSQL drivers require:
ldd usr/lib/perl5/auto/DBD/Pg/Pg.so
libpq.so.3 => /usr/lib/libpq.so.3 (0xb7fbf000)
libc.so.6 => /lib/tls/libc.so.6 (0xb7e89000)
libssl.so.0.9.7 => /usr/lib/i686/cmov/libssl.so.0.9.7 (0xb7e58000)
libcrypto.so.0.9.7 => /usr/lib/i686/cmov/libcrypto.so.0.9.7 (0xb7d59000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xb7cf1000)
libcrypt.so.1 => /lib/tls/libcrypt.so.1 (0xb7cc4000)
libresolv.so.2 => /lib/tls/libresolv.so.2 (0xb7cb2000)
libnsl.so.1 => /lib/tls/libnsl.so.1 (0xb7c9d000)
libpthread.so.0 => /lib/tls/libpthread.so.0 (0xb7c8e000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)
libdl.so.2 => /lib/tls/libdl.so.2 (0xb7c8b000)
libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xb7c68000)
libcom_err.so.2 => /lib/libcom_err.so.2 (0xb7c65000)
A quick way to find your shared object files is as follows.
find /chroot_directory_name/usr/ | grep perl | grep “.*\.so$”
You will already have copied most of the shared object files over while copying squid and apache but there are most likely a few extra ones you are going to need in particular if you are using the DBI.