== FreeBSD Jails ==
http://www.bsdnow.tv/episodes/2013_10_16-go_directly_to_jail ab 0:40

== FreeBert ezjail installieren ==
portsnap fetch update
cd /usr/ports/sysutils/ezjail
make config-recursive
make install
make clean

vi /usr/local/etc/ezjail.conf
### ### ### C3D2 ### ### ###
# ezjail_sourcetree=/usr/src
ezjail_use_zfs="YES"
ezjail_use_zfs_for_jails="YES"
ezjail_jailzfs="zroot/ezjail"
ezjail_zfs_properties="-o checksum=fletcher4 -o compression=lz4 -o atime=off"
### ### ### C3D2 ### ### ###
# EOF

vi /etc/rc.conf
### ezjail // ###
ezjail_enable="NO"
### // ezjail ###

vi /etc/sysctl.conf
### ezjail // ###
# Hinweis: Raw Sockets ermöglichen ping/traceroute im Jail, erlauben root im Jail aber auch das Senden selbst gebauter Pakete; security.jail.allow_raw_sockets=1 setzt dies als Voreinstellung für alle Jails.
security.jail.param.allow.raw_sockets=1
security.jail.allow_raw_sockets=1
### // ezjail ###

zfs create -o checksum=fletcher4 -o compression=lz4 -o mountpoint=/ezjail-admin zroot/ezjail-admin
zfs set aclmode=discard zroot/ezjail-admin
zfs set aclinherit=restricted zroot/ezjail-admin
chmod 700 /ezjail-admin

ezjail-admin install
ezjail-admin install -P

cp -pfv /etc/issue.net /usr/jails/newjail/etc
cp -pfv /etc/motd /usr/jails/newjail/etc
cp -pfv /etc/resolv.conf /usr/jails/newjail/etc
cp -pfv /etc/ssh/sshd_config /usr/jails/newjail/etc/ssh/sshd_config
mkdir /usr/jails/newjail/root/.ssh
chmod 700 /usr/jails/newjail/root/.ssh
# Hinweis: newjail ist die Vorlage für neue Jails; jedes daraus erzeugte Jail akzeptiert damit die root-Schlüssel des Hosts.
cp -pfv /root/.ssh/authorized_keys /usr/jails/newjail/root/.ssh/authorized_keys

vi /usr/jails/newjail/etc/ssh/sshd_config
# ListenAddress

vi /usr/jails/newjail/etc/rc.conf
### ### ### C3D2 - JAIL ### ### ###
sshd_enable="YES"
syslogd_enable="YES"
syslogd_flags="-ss"
sendmail_enable="NO"
### SSMTP
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
### ### ### C3D2 - JAIL ### ### ###
# EOF

vi /etc/rc.local
/bin/echo "--- --- ---> ezjail // <--- --- ---"
/sbin/ifconfig lo1 create
/bin/echo ""
/usr/local/bin/ezjail-admin onestart jail.hq.c3d2.de
/bin/echo ""
/bin/echo "--- --- ---> // ezjail <--- --- ---"

== FreeBert Jails erstellen ==
ezjail-admin create jail.hq.c3d2.de
'lagg0|172.22.99.XX,lagg0|2001:4dd0:fb82:c3d2::XX,lo1|127.0.X.1'

vi /usr/local/etc/ezjail/jail_hq_c3d2_de
export jail_jail_hq_c3d2_de_exec_stop="/bin/sh /etc/rc.shutdown"
# Hinweis: allow.sysvipc=1 gibt dem Jail Zugriff auf System-V-IPC im gemeinsamen Namensraum mit Host und anderen Jails; nur setzen, wenn ein Dienst im Jail es benötigt.
export jail_jail_hq_c3d2_de_parameters="allow.raw_sockets=1 allow.sysvipc=1"

zfs set quota=50g zroot/ezjail/jail.hq.c3d2.de
/usr/local/bin/ezjail-admin onestart jail.hq.c3d2.de
ndp -a
jls

== FreeBert Jails starten / login ==
ezjail-admin onestart jail.hq.c3d2.de
ezjail-admin console jail.hq.c3d2.de

== FreeBert Jails erster login ==
cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime

== FreeBert Jails Virtual Network Interfaces ==
(ng_bridge/ng_eiface) in Arbeit

== FreeBert Jail Container ==
*[[dhcp.hq.c3d2.de|dhcp]]
*[[dnscache.hq.c3d2.de|dnscache]]
*[[storage.hq.c3d2.de|storage]]
*[[squid.hq.c3d2.de|squid]]
*[[watchbert.hq.c3d2.de|watchbert]]
*[[beastbert.hq.c3d2.de|beastbert]]
*[[vert.hq.c3d2.de|vert]]
*[[rippen.hq.c3d2.de|rippen]]
*[[gitbert.hq.c3d2.de|gitbert]]
*[[listbert1.hq.c3d2.de|listbert1]]
*[[listbert2.hq.c3d2.de|listbert2]]
*[[saugbert.hq.c3d2.de|saugbert]]
*[[dilbert.hq.c3d2.de|dilbert]]