Server/freebert/ezjail: Unterschied zwischen den Versionen

(Die Seite wurde neu angelegt: „== FreeBSD Jails == http://www.bsdnow.tv/episodes/2013_10_16-go_directly_to_jail ab 0:40 == FreeBert ezjail installieren == <source lang=bash> portsnap fet…“)
(kein Unterschied)

Version vom 12. April 2014, 18:28 Uhr

FreeBSD Jails

http://www.bsdnow.tv/episodes/2013_10_16-go_directly_to_jail

ab 0:40

FreeBert ezjail installieren

# Refresh the ports tree, then build and install ezjail from ports.
# Assumes /usr/ports was already extracted by portsnap once; "fetch update"
# only updates an existing tree.
portsnap fetch update

cd /usr/ports/sysutils/ezjail

# config-recursive shows the option dialogs for the port and its dependencies
# up front, so the build that follows does not stop to ask.
make config-recursive
make install
make clean

# Settings to add to ezjail's configuration file.
vi /usr/local/etc/ezjail.conf

### ### ### C3D2 ### ### ###
# ezjail_sourcetree=/usr/src

# Keep ezjail's data on ZFS below zroot/ezjail and create a separate dataset
# per jail (the per-jail quota set later on this page relies on that).
ezjail_use_zfs="YES"
ezjail_use_zfs_for_jails="YES"
ezjail_jailzfs="zroot/ezjail"

# Properties ezjail passes to zfs when it creates those datasets.
ezjail_zfs_properties="-o checksum=fletcher4 -o compression=lz4 -o atime=off"
### ### ### C3D2 ### ### ###
# EOF

vi /etc/rc.conf

### ezjail // ###
# "NO": jails are not started through this rc.conf switch. This page starts
# its jail from /etc/rc.local with "ezjail-admin onestart" instead, which
# works even though the service is not enabled.
ezjail_enable="NO"
### // ezjail ###

vi /etc/sysctl.conf

### ezjail // ###
# NOTE(review): the security.jail.param.* nodes appear to only describe the
# jail parameters that exist; this line probably changes no policy -
# confirm on the host with "sysctl -d security.jail.param.allow.raw_sockets".
security.jail.param.allow.raw_sockets=1
# Legacy host-wide switch: lets root inside jails open raw sockets (needed for
# ping/traceroute). It is not limited to one jail, and jail(8) advises extra
# caution with raw sockets when jail root is given to parties that are not
# fully trusted. The same page also grants allow.raw_sockets per jail in the
# jail's ezjail config file, which is the narrower way to do it.
security.jail.allow_raw_sockets=1
### // ezjail ###

# Create a separate dataset mounted at /ezjail-admin. The page does not say
# what is stored there - presumably administrative data for the jails; confirm.
zfs create -o checksum=fletcher4 -o compression=lz4 -o mountpoint=/ezjail-admin zroot/ezjail-admin
# ACL handling: discard ACL entries on chmod, and inherit ACLs only in the
# restricted form.
zfs set aclmode=discard zroot/ezjail-admin
zfs set aclinherit=restricted zroot/ezjail-admin

# Owner-only access to the mountpoint.
chmod 700 /ezjail-admin

# Populate ezjail's base jail and the "newjail" template; the second call
# with -P additionally provides a ports tree for the jails.
# NOTE(review): the release sets are fetched over the network - check which
# mirror ezjail.conf points to before running this on a production host.
ezjail-admin install
ezjail-admin install -P

# Seed ezjail's "newjail" template with the host's login banners, resolver
# configuration and sshd configuration. -p keeps mode, owner and timestamps.
cp -pfv /etc/issue.net /usr/jails/newjail/etc
cp -pfv /etc/motd /usr/jails/newjail/etc
cp -pfv /etc/resolv.conf /usr/jails/newjail/etc
cp -pfv /etc/ssh/sshd_config /usr/jails/newjail/etc/ssh/sshd_config

# Root's SSH directory inside the template, readable by its owner only.
mkdir /usr/jails/newjail/root/.ssh
chmod 700 /usr/jails/newjail/root/.ssh
# NOTE(review): this puts the host root's authorized_keys into the template,
# so every key accepted for root on the host is also accepted for root in each
# jail created from it. Use a separate key list per jail where the jails are
# administered by different people, and remove keys from existing jails as
# well as from the host when access is revoked.
cp -pfv /root/.ssh/authorized_keys /usr/jails/newjail/root/.ssh/authorized_keys

vi /usr/jails/newjail/etc/ssh/sshd_config

# ListenAddress
# Set ListenAddress in each jail's copy to that jail's own address.
# NOTE(review): the file was copied from the host, so it may still carry the
# host's address. The host's sshd should likewise be bound to the host address
# only, otherwise a login meant for a jail address may be answered by the
# host - confirm against the host's sshd_config.

# rc.conf of the "newjail" template, i.e. the services a new jail runs.
vi /usr/jails/newjail/etc/rc.conf

### ### ### C3D2 - JAIL ### ### ###

sshd_enable="YES"
syslogd_enable="YES"
# -ss: syslogd opens no network socket at all, so the jail neither receives
# nor sends syslog messages over the network.
syslogd_flags="-ss"
# No sendmail daemon listening inside the jail.
sendmail_enable="NO"

### SSMTP
# The remaining sendmail components are switched off as well; the heading
# suggests ssmtp handles outgoing mail instead (not shown on this page).
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

### ### ### C3D2 - JAIL ### ### ###
# EOF

# Boot-time start of the jail. /etc/rc.local runs as root at boot, so the file
# must be writable by root only.
vi /etc/rc.local

/bin/echo "--- --- ---> ezjail // <--- --- ---"
# Second loopback interface; the jail's 127.0.X.1 address is bound to lo1.
/sbin/ifconfig lo1 create
/bin/echo ""
# "onestart" because ezjail_enable is "NO" in /etc/rc.conf.
/usr/local/bin/ezjail-admin onestart jail.hq.c3d2.de
/bin/echo ""
/bin/echo "--- --- ---> // ezjail <--- --- ---"


FreeBert Jails erstellen

# Create the jail. The second argument is a comma-separated list of
# interface|address pairs: an IPv4 and an IPv6 address on lagg0 and a private
# loopback address on lo1. XX and X are placeholders to be replaced with the
# values assigned to this jail.
ezjail-admin create jail.hq.c3d2.de 'lagg0|172.22.99.XX,lagg0|2001:4dd0:fb82:c3d2::XX,lo1|127.0.X.1'

# Per-jail settings in the config file ezjail keeps for this jail.
vi /usr/local/etc/ezjail/jail_hq_c3d2_de

# Run the jail's regular shutdown script when the jail is stopped.
export jail_jail_hq_c3d2_de_exec_stop="/bin/sh /etc/rc.shutdown"
# Extra privileges for this jail only:
#   allow.raw_sockets - jail root may open raw sockets (ping, traceroute).
#   allow.sysvipc     - jail processes may use System V IPC. jail(8) notes that
#                       before FreeBSD 11.0 the SysV namespace is shared with
#                       the host and the other jails, so processes in this jail
#                       can interfere with IPC objects outside it.
# Grant each one only if a service in the jail actually needs it.
export jail_jail_hq_c3d2_de_parameters="allow.raw_sockets=1 allow.sysvipc=1"

# Cap the jail's dataset at 50g so a single jail cannot fill the pool.
zfs set quota=50g zroot/ezjail/jail.hq.c3d2.de

/usr/local/bin/ezjail-admin onestart jail.hq.c3d2.de

# Show the IPv6 neighbour cache - presumably to check that the jail's IPv6
# address is now present on the host.
ndp -a


FreeBert Jails starten / login

# Start the jail by hand ("onestart" because ezjail_enable is "NO").
/usr/local/bin/ezjail-admin onestart jail.hq.c3d2.de

ndp -a

# Open a console inside the running jail from the host; this does not go
# through the jail's sshd.
/usr/local/bin/ezjail-admin console jail.hq.c3d2.de


FreeBert Jails erster login

# Run inside the jail on first login: set the jail's local time zone to
# Europe/Berlin so log timestamps in the jail use that zone.
cp /usr/share/zoneinfo/Europe/Berlin  /etc/localtime