To DNS serve, or not to
"." at babolo.ru
Mon May 5 19:57:25 PDT 2003
> On 2003.05.06 01:41:32 +0400, "."@babolo.ru wrote:
>
> > .. in jails.
> > This effectively protects from remote exploits
> > (converts them to DOS)
> > http://free.babolo.ru/ports/jailup/
> > for easy to use and administrate jail based
> > services
>
> Looks interesting - do you have it available in some format which is
> simpler to download than getting each file from the HTTP server? (e.g.
> as tarballs of the dirs).

    cd /usr/ports
    env CVSROOT=anoncvs@cvs.pike.ru:/repo/ports cvs get devel/babolo-libmake
    env CVSROOT=anoncvs@cvs.pike.ru:/repo/ports cvs get jailup

These are ports; they work as usual ports
(they depend on each other and on other ports).
Actual distfiles can be found from the ports above, or

    env CVSROOT=anoncvs@cvs.pike.ru:/repo/jailup cvs get .

in development.

Usage:
dedicate some file system for the jail, mount it
to /jail (or change it in /usr/local/etc/jailup.conf),
then to build the jail:

    jailup bind8 relative-path hostname-for-jail ip-addr

inspect and de-comment /etc/rc.conf, /etc/fstab, /usr/local/etc/jailup.rc,
mount and /usr/local/etc/rc.d/jailup.sh start named

Other jails are controlled in the same manner.
Some jailups (ssh based or innd) install strings
in /etc/rc.local.
The command 'jailup' without parameters just lists
the possible kinds, and 'jailup kind' lists short help.
Every string installed to control files is commented.

Oh, sorry - the patch:
http://free.babolo.ru/patch/src.usr.sbin.jail.patch
for jail(1) - the base system has a very primitive jail(1).
You do not have to replace the system jail with the patched command;
you can place it somewhere and change, in /usr/local/etc/jailup.conf,
the string jail=/usr/bin/jail to jail=/somewhere/jail

I build, rebuild and control hundreds of different
jails on 11 different servers - and jailup
gives me time for life :-)