FreeBSD jail: erinevus redaktsioonide vahel
Allikas: Kuutõrvaja
Mine navigeerimisribaleMine otsikasti
Resümee puudub |
Resümee puudub |
||
| 1. rida: | 1. rida: | ||
jail kiirelt ja mustalt | '''jail kiirelt ja mustalt''' | ||
| 12. rida: | 12. rida: | ||
jaili asukoht määratakse süsteemis muutuja D abil | jaili asukoht määratakse süsteemis muutuja D abil | ||
#!/bin/sh | #!/bin/sh | ||
D=/usr/jail/jail1 | D=/usr/jail/jail1 | ||
cd /usr/src | cd /usr/src | ||
mkdir -p $D | mkdir -p $D | ||
make installworld DESTDIR=$D | make installworld DESTDIR=$D | ||
cd /usr/src/etc | cd /usr/src/etc | ||
make distribution DESTDIR=$D | make distribution DESTDIR=$D | ||
mount_devfs devfs $D/dev | mount_devfs devfs $D/dev | ||
cd $D | cd $D | ||
ln -sf dev/null kernel | ln -sf dev/null kernel | ||
vajalik arvuti /etc/rc.confi lisada | vajalik arvuti /etc/rc.confi lisada | ||
ifconfig_fxp0="inet 172.17.0.183 netmask 255.255.255.0" | ifconfig_fxp0="inet 172.17.0.183 netmask 255.255.255.0" | ||
ifconfig_fxp0_alias0="inet 172.17.0.184 netmask 0xFFFFFFFF" | ifconfig_fxp0_alias0="inet 172.17.0.184 netmask 0xFFFFFFFF" | ||
# make it not conflict with jail | # make it not conflict with jail | ||
inetd_flags="-wW -a 172.17.0.183" | inetd_flags="-wW -a 172.17.0.183" | ||
# make syslog listen only on a local socket | # make syslog listen only on a local socket | ||
syslogd_flags="-ss" | syslogd_flags="-ss" | ||
# rpcbind would conflict with jail | # rpcbind would conflict with jail | ||
rpcbind_enable="NO" | rpcbind_enable="NO" | ||
# configure jail | # configure jail | ||
jail_enable="YES" | jail_enable="YES" | ||
jail_list="test" | jail_list="test" | ||
jail_test_hostname="yhikas" | jail_test_hostname="yhikas" | ||
jail_test_ip="172.17.0.184" | jail_test_ip="172.17.0.184" | ||
jail_test_rootdir="/usr/jail/jail1" | jail_test_rootdir="/usr/jail/jail1" | ||
jail_test_exec="/bin/sh /etc/rc" | jail_test_exec="/bin/sh /etc/rc" | ||
jail_test_procfs_enable="Yes" | |||
masina /etc/ssh/sshd_config lisame sellise konfi | |||
Port 22 | |||
Protocol 2 | |||
ListenAddress 172.17.0.183 | |||
UseDNS no | |||
Subsystem sftp /usr/libexec/sftp-server | |||
jaili /etc/rc.conf | jaili /etc/rc.conf | ||
rpcbind_enable="NO" | rpcbind_enable="NO" | ||
network_interfaces="" | network_interfaces="" | ||
hostname="yhikas" | hostname="yhikas" | ||
sshd_enable="YES" | sshd_enable="YES" | ||
sendmail_enable="NO" | sendmail_enable="NO" | ||
syslogd_flags="-ss" | syslogd_flags="-ss" | ||
inetd_flags="-wW -a 172.17.0.184" | inetd_flags="-wW -a 172.17.0.184" | ||
Jaili /etc/ssh/sshd_config | Jaili /etc/ssh/sshd_config | ||
Port 22 | Port 22 | ||
Protocol 2 | Protocol 2 | ||
ListenAddress 172.17.0.184 | ListenAddress 172.17.0.184 | ||
UseDNS no | UseDNS no | ||
Subsystem sftp /usr/libexec/sftp-server | Subsystem sftp /usr/libexec/sftp-server | ||
Jaili tyhi /etc/fstab | Jaili tyhi /etc/fstab | ||
touch /mnt/jail/etc/fstab | touch /mnt/jail/etc/fstab | ||
Jaili /etc/resolv.conf kirjutame enda nimeserveri mida kasutame mina kirjutasin sinna kadri.ut.ee | Jaili /etc/resolv.conf kirjutame enda nimeserveri mida kasutame mina kirjutasin sinna kadri.ut.ee | ||
echo "nameserver 193.40.5.94" >> /mnt/jail/etc/resolv.conf | echo "nameserver 193.40.5.94" >> /mnt/jail/etc/resolv.conf | ||
ln -s /var/run/log /mnt/jail/dev/log | ln -s /var/run/log /mnt/jail/dev/log | ||
paneme jaili käima lähme sinna sisse | paneme jaili käima lähme sinna sisse | ||
jail /usr/jail/jail1 test 172.17.0.184 /bin/sh | jail /usr/jail/jail1 test 172.17.0.184 /bin/sh | ||
nüüd võib luua userid seada root kasutaja parooli | nüüd võib luua userid seada root kasutaja parooli | ||
Redaktsioon: 22. oktoober 2006, kell 18:40
jail kiirelt ja mustalt
minu arvuti ip on 172.17.0.183
jaili ip otsutasin hakkab olema 172.17.0.184 ning jaili enda asukoht /usr/jail/jail1
esimesena kompileerime kokku süsteemi source ...eeldusel ,et see on olemas
cd /usr/src && make buildworld
nüüd loome väikse skripti mis meisterdab meile soovitud kohta jaili valmis jaili asukoht määratakse süsteemis muutuja D abil
#!/bin/sh D=/usr/jail/jail1 cd /usr/src mkdir -p $D make installworld DESTDIR=$D cd /usr/src/etc make distribution DESTDIR=$D mount_devfs devfs $D/dev cd $D ln -sf dev/null kernel
vajalik arvuti /etc/rc.confi lisada
ifconfig_fxp0="inet 172.17.0.183 netmask 255.255.255.0" ifconfig_fxp0_alias0="inet 172.17.0.184 netmask 0xFFFFFFFF" # make it not conflict with jail inetd_flags="-wW -a 172.17.0.183" # make syslog listen only on a local socket syslogd_flags="-ss" # rpcbind would conflict with jail rpcbind_enable="NO" # configure jail jail_enable="YES" jail_list="test" jail_test_hostname="yhikas" jail_test_ip="172.17.0.184" jail_test_rootdir="/usr/jail/jail1" jail_test_exec="/bin/sh /etc/rc" jail_test_procfs_enable="Yes"
masina /etc/ssh/sshd_config lisame sellise konfi
Port 22 Protocol 2 ListenAddress 172.17.0.183 UseDNS no Subsystem sftp /usr/libexec/sftp-server
jaili /etc/rc.conf
rpcbind_enable="NO" network_interfaces="" hostname="yhikas" sshd_enable="YES" sendmail_enable="NO" syslogd_flags="-ss" inetd_flags="-wW -a 172.17.0.184"
Jaili /etc/ssh/sshd_config
Port 22 Protocol 2 ListenAddress 172.17.0.184 UseDNS no Subsystem sftp /usr/libexec/sftp-server
Jaili tyhi /etc/fstab
touch /mnt/jail/etc/fstab
Jaili /etc/resolv.conf kirjutame enda nimeserveri mida kasutame mina kirjutasin sinna kadri.ut.ee
echo "nameserver 193.40.5.94" >> /mnt/jail/etc/resolv.conf
ln -s /var/run/log /mnt/jail/dev/log
paneme jaili käima lähme sinna sisse
jail /usr/jail/jail1 test 172.17.0.184 /bin/sh
nüüd võib luua userid seada root kasutaja parooli
nüüd peale rebooti hakkab jail tööle
võib logida sinna enda kasutajanimega ssh abil
