Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 6 May 2003 07:00:38 +0400 (MSD)
From:      "."@babolo.ru
To:        "Simon L. Nielsen" <simon@nitro.dk>
Cc:        freebsd-net@freebsd.org
Subject:   Re: To DNS serve, or not to
Message-ID:  <1052190038.108778.2250.nullmailer@cicuta.babolo.ru>
In-Reply-To: <20030505215919.GB392@nitro.dk>
next in thread | previous in thread | raw e-mail | index | archive | help 

Checking application/pgp-signature: FAILURE
-- Start of PGP signed section.
> On 2003.05.06 01:41:32 +0400, "."@babolo.ru wrote:
> 
> > .. in jails.
> > This effectively protects from remote exploits
> > (converts them to DOS)
> > http://free.babolo.ru/ports/jailup/
> > for easy to use and adnministrate jail based
> > services
> 
> Looks interesting - do you have it avaible in some format which is
> simpler to download than getting each file from the HTTP server ?  (e.g
> as tarballs of the dirs).

cd /usp/ports
env CVSROOT=anoncvs@cvs.pike.ru:/repo/ports cvs get devel/babolo-libmake
env CVSROOT=anoncvs@cvs.pike.ru:/repo/ports cvs get jailup

There are ports, they work as usual ports
(depends on each other and another ports)

actual distfiles can be found from ports above or

env CVSROOT=anoncvs@cvs.pike.ru:/repo/jailup cvs get .

in development.

Usage:
dedicate some file system for jail, mount it
to /jail (or change in /usr/local/etc/jailup.conf)
then to build jail:

jailup bind8 relative-path hostname-for-jail ip-addr

inspect and de-comment /etc/rc.conf, /etc/fstab, /usr/local/etc/jailup.rc

mount and /usr/local/etc/rc.d/jailup.sh start named
another jails controlled in the same manner.
some jailups (ssh based or innd) instals strings
in /etc/rc.local

command 'jailup' without parameters just lists
possible kinds and 'jailup kind' lists short help.
Every string to control files installed commented.

oh, sorry - patch:

http://free.babolo.ru/patch/src.usr.sbin.jail.patch

for jail(1) - base system has very primitive jail(1)
You can not to replace system jail by patched command,
but place it somewhere and change in /usr/local/etc/jailup.conf
string jail=/usr/bin/jail for jail=/somewhere/jail

I build, rebild and control hundrids different
jails on 11 different servers - and jailup
gives me time for life :-)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1052190038.108778.2250.nullmailer>