Jail technology

Building the "world"

Install the system sources:

[server:~] # freebsd-update fetch
[server:~] # freebsd-update install

The next step takes several hours:

[server:~] # cd /usr/src
[server:~] # make buildworld
[server:~] # cd /usr/src
[server:~] # setenv D /var/jail/www
[server:~] # mkdir -p $D
[server:~] # make installworld DESTDIR=$D
[server:~] # make distribution DESTDIR=$D
[server:~] # mount_nullfs /usr/ports/ /var/jail/www/usr/ports

Starting the jail

[server:~] # cat /etc/rc.conf
...
jail_enable="YES"
jail_list="www"
jail_www_rootdir="/var/jail/www"
jail_www_hostname="www.corpX.un"
jail_www_interface="em0"
jail_www_ip="192.168.X.20"
jail_www_devfs_enable="YES"
jail_www_devfs_ruleset="devfsrules_jail"

[server:~] # sysctl security.jail.allow_raw_sockets=1

[server:~] # /etc/rc.d/jail start www
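
The jail_<name>_* variables shown above can be checked before the jail is started. The script below is an added example, not part of the original page: rc_get and audit_jails are hypothetical helper names, and the incomplete "db" jail in the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): audit the jail_<name>_* variables
# of an rc.conf-style file before running /etc/rc.d/jail start.

# Print the value of the last assignment to VAR in FILE. The file is parsed
# with sed rather than sourced, so nothing in it is executed.
rc_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# Print one finding per line for every jail named in jail_list.
audit_jails() {
    conf=$1
    case $(rc_get "$conf" jail_enable) in
        [Yy][Ee][Ss]) ;;
        *) echo "jail_enable is not YES" ;;
    esac
    for j in $(rc_get "$conf" jail_list); do
        case $(rc_get "$conf" "jail_${j}_rootdir") in
            /)  echo "$j: rootdir is /, the jail would share the host file system" ;;
            /*) ;;
            *)  echo "$j: jail_${j}_rootdir is missing or not an absolute path" ;;
        esac
        [ -n "$(rc_get "$conf" "jail_${j}_ip")" ] ||
            echo "$j: jail_${j}_ip is not set"
        case $(rc_get "$conf" "jail_${j}_devfs_enable") in
            [Yy][Ee][Ss])
                [ -n "$(rc_get "$conf" "jail_${j}_devfs_ruleset")" ] ||
                    echo "$j: devfs is enabled but jail_${j}_devfs_ruleset is not set" ;;
        esac
    done
}

# Constructed sample: the page's "www" jail plus a hypothetical, incomplete "db" jail.
sample_rc_conf() {
    cat <<'EOF'
jail_enable="YES"
jail_list="www db"
jail_www_rootdir="/var/jail/www"
jail_www_hostname="www.corpX.un"
jail_www_interface="em0"
jail_www_ip="192.168.X.20"
jail_www_devfs_enable="YES"
jail_www_devfs_ruleset="devfsrules_jail"
jail_db_rootdir="var/jail/db"
jail_db_devfs_enable="YES"
EOF
}

tmp=$(mktemp) && sample_rc_conf > "$tmp" && audit_jails "$tmp"; rm -f "$tmp"
```

On a real host, call audit_jails /etc/rc.conf; no output means every jail in jail_list carries the settings this page configures.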

Listing jails and attaching to a jail

[server:~] # jls

[server:~] # jexec N csh

www# sysctl security.jail.jailed

Configuring the jail

www# cat /etc/rc.conf
hostname=www.corpX.un
sshd_enable=yes
www# cat /etc/resolv.conf
domain corpX.un
nameserver 192.168.X.10
www# cat /etc/hosts
127.0.0.1               localhost localhost.corpX.un

192.168.X.20            www.corpX.un www
технология_jail.1340712466.txt.gz · Last modified: 2013/05/22 13:50 (external edit)