== FreeBSD Jails ==
http://www.bsdnow.tv/episodes/2013_10_16-go_directly_to_jail
ab 0:40
== FreeBert ezjail installieren ==
<source lang=bash>
# Install ezjail from the ports tree (run as root on the jail host).
portsnap fetch update
cd /usr/ports/sysutils/ezjail
# Configure all dependencies up front so the build does not stop for dialogs.
make config-recursive
make install
make clean
# Host-side ezjail configuration; the lines between the C3D2 markers are what
# gets added to the file.
vi /usr/local/etc/ezjail.conf
### ### ### C3D2 ### ### ###
# ezjail_sourcetree=/usr/src
# Put the jails on ZFS, one dataset per jail below zroot/ezjail (ezjail creates
# the child datasets itself when use_zfs_for_jails is set).
ezjail_use_zfs="YES"
ezjail_use_zfs_for_jails="YES"
ezjail_jailzfs="zroot/ezjail"
# Properties applied to every newly created jail dataset.
ezjail_zfs_properties="-o checksum=fletcher4 -o compression=lz4 -o atime=off"
### ### ### C3D2 ### ### ###
# EOF
# Host rc.conf: the ezjail rc script stays disabled on purpose; the jail is
# started from /etc/rc.local instead. Consequence: the rc script also does not
# stop the jail at shutdown, so stop it by hand before a reboot.
vi /etc/rc.conf
### ezjail // ###
ezjail_enable="NO"
### // ezjail ###
# Host sysctl.conf.
vi /etc/sysctl.conf
### ezjail // ###
# NOTE(review): security.jail.param.* nodes describe jail parameters rather
# than setting them; whether this line has any effect should be confirmed on
# the target release.
security.jail.param.allow.raw_sockets=1
# Host-wide default: every jail may open raw sockets (ping/traceroute from
# inside a jail). The per-jail `allow.raw_sockets=1` parameter given at jail
# creation is the narrower alternative; with it, this global default is not
# needed.
security.jail.allow_raw_sockets=1
### // ezjail ###
# Separate dataset for ezjail administration data, mounted at /ezjail-admin.
zfs create -o checksum=fletcher4 -o compression=lz4 -o mountpoint=/ezjail-admin zroot/ezjail-admin
# Tighten NFSv4 ACL handling: chmod discards ACL entries, and inherited entries
# cannot grant write_acl/write_owner.
zfs set aclmode=discard zroot/ezjail-admin
zfs set aclinherit=restricted zroot/ezjail-admin
# Root-only directory.
chmod 700 /ezjail-admin
# Fetch and install the base system into the basejail; the -P run adds the
# ports tree (confirm the exact meaning of -P against ezjail-admin(8)).
ezjail-admin install
ezjail-admin install -P
# Seed the newjail template; ezjail copies it for every jail created later.
cp -pfv /etc/issue.net /usr/jails/newjail/etc
cp -pfv /etc/motd /usr/jails/newjail/etc
cp -pfv /etc/resolv.conf /usr/jails/newjail/etc
# The host's sshd_config is reused and then edited below, so that the jail's
# sshd does not bind the host's addresses.
cp -pfv /etc/ssh/sshd_config /usr/jails/newjail/etc/ssh/sshd_config
# Root SSH key for the template. Every jail built from the template inherits
# the host root's authorized_keys, so a key revoked on the host must also be
# revoked inside each existing jail.
mkdir /usr/jails/newjail/root/.ssh
chmod 700 /usr/jails/newjail/root/.ssh
cp -pfv /root/.ssh/authorized_keys /usr/jails/newjail/root/.ssh/authorized_keys
vi /usr/jails/newjail/etc/ssh/sshd_config
# ListAddress
# (The sshd_config keyword is ListenAddress. Without VNET a jail shares the
# host's network stack, so sshd should be restricted to the jail's own address
# instead of the default of listening on all addresses.)
# rc.conf of the template, and therefore of every new jail.
vi /usr/jails/newjail/etc/rc.conf
### ### ### C3D2 - JAIL ### ### ###
sshd_enable="YES"
# Local logging only: -ss keeps syslogd from opening any network socket.
syslogd_enable="YES"
syslogd_flags="-ss"
sendmail_enable="NO"
### SSMTP
# Disable the remaining sendmail instances as well; sendmail_enable="NO" on
# its own still leaves the submission/outbound/queue instances running.
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
### ### ### C3D2 - JAIL ### ### ###
# EOF
# Host rc.local: start the jail at boot by hand, since ezjail_enable is "NO"
# and the ezjail rc script therefore does nothing.
vi /etc/rc.local
/bin/echo "--- --- ---> ezjail // <--- --- ---"
# Separate loopback interface for the jails' 127.0.X.1 aliases, so they do not
# live on the host's lo0.
/sbin/ifconfig lo1 create
/bin/echo ""
# onestart runs regardless of ezjail_enable.
/usr/local/bin/ezjail-admin onestart jail.hq.c3d2.de
/bin/echo ""
/bin/echo "--- --- ---> // ezjail <--- --- ---"
</source>
== FreeBert Jails erstellen ==
<source lang=bash>
# Create the jail with an IPv4 and an IPv6 alias on lagg0 plus its own loopback
# alias on lo1 (XX / X are placeholders: choose values not used by other jails).
ezjail-admin create jail.hq.c3d2.de 'lagg0|172.22.99.XX,lagg0|2001:4dd0:fb82:c3d2::XX,lo1|127.0.X.1'
# Per-jail settings; ezjail derives the file name from the jail name with dots
# replaced by underscores.
vi /usr/local/etc/ezjail/jail_hq_c3d2_de
# Run the jail's rc.shutdown on stop so the services inside exit cleanly.
export jail_jail_hq_c3d2_de_exec_stop="/bin/sh /etc/rc.shutdown"
# Raw sockets for this jail only (the narrower alternative to the host-wide
# sysctl). allow.sysvipc=1: on releases without per-jail SysV IPC namespaces
# this exposes the host's IPC objects to the jail -- grant it only where a
# service actually needs it.
export jail_jail_hq_c3d2_de_parameters="allow.raw_sockets=1 allow.sysvipc=1"
# Cap the jail's dataset at 50G so a single jail cannot fill the pool.
zfs set quota=50g zroot/ezjail/jail.hq.c3d2.de
/usr/local/bin/ezjail-admin onestart jail.hq.c3d2.de
# Verify: the IPv6 neighbour table should show the new alias, and jls should
# list the running jail.
ndp -a
jls
</source>
== FreeBert Jails starten / login ==
<source lang=bash>
# Start the jail (works even though ezjail_enable is "NO" on the host).
ezjail-admin onestart jail.hq.c3d2.de
# Open a root shell inside the jail.
ezjail-admin console jail.hq.c3d2.de
</source>
== FreeBert Jails erster login ==
<source lang=bash>
# First login inside the jail: set the jail's timezone to Europe/Berlin.
cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime
</source>
== FreeBert Jails Virtual Network Interfaces ==
(ng_bridge/ng_eiface) in Arbeit
== FreeBert Jail Container ==
*[[dhcp.hq.c3d2.de|dhcp]]
*[[dnscache.hq.c3d2.de|dnscache]]
*[[storage.hq.c3d2.de|storage]]
*[[squid.hq.c3d2.de|squid]]
*[[watchbert.hq.c3d2.de|watchbert]]
*[[beastbert.hq.c3d2.de|beastbert]]
*[[vert.hq.c3d2.de|vert]]
*[[rippen.hq.c3d2.de|rippen]]
*[[gitbert.hq.c3d2.de|gitbert]]
*[[listbert1.hq.c3d2.de|listbert1]]
*[[listbert2.hq.c3d2.de|listbert2]]
*[[saugbert.hq.c3d2.de|saugbert]]
*[[dilbert.hq.c3d2.de|dilbert]]