Changes between Version 10 and Version 11 of FreeBSDJail


Timestamp: 10/27/10 06:34:27 (14 years ago)
Author: Rick van der Zwet
Comment: --

  • FreeBSDJail

    v10 v11  
    11This document will describe the setup of jail(8) and how-to configure all applications to work properly within a jail(8). It has the following design criteria/assumptions:
    2 * /usr/ports is shared throughout all installations (so are all the configuration for the ports then) and every system build all ports himself.
    3 * my sample jail is called {{{pzwet}}} and is located in file:/usr/jail/pzwet   
     2* file:/usr/ports is shared throughout all installations (so are all the configuration for the ports then) and every system build all ports himself.
     3* The sample jail is called {{{pzwet}}} and is located in file:/usr/jail/pzwet and has IP {{{178.63.108.109}}} assigned to it.
     4* All services dependencies are within their own jail, so I can start and stop jails without affecting the others.
     5* My sendmail setup has spam filtering --powered by file:mail/spamass-milter--  support for ''incoming'' email only.
    46
    57Important: Your jail server should not run ''any'' public facing services which does 'wildcard' binding to IP addresses, else it will 'claim' the service before your jail can take it.
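Review bot: The added line 5 names the port as file:mail/spamass-milter, which is a ports origin rather than a filesystem path, while lines 2 and 3 use file: for absolute paths (file:/usr/ports, file:/usr/jail/pzwet); write it as file:/usr/ports/mail/spamass-milter or drop the file: prefix. The new lines 4 and 5 also keep the first person ("so I can", "My sendmail setup") that line 3 just removed ("my sample jail" became "The sample jail"), so pick one voice for the whole list.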
     
    911{{{
    1012pzwet# cat <<EOF >> /etc/rc.conf
    11 shd_enable="YES"
     13#
     14# Base Services
     15sshd_enable="YES"
    1216syslogd_flags="-ss"
    1317
    1418sendmail_enable="YES"
    15 spamass_milter_enable="YES"
    16 spamass_milter_localflags="-i 78.46.112.168,0.0.0.0 -r -1 -- -U /var/run/spamd.sock"
    17 
    18 spamd_enable="YES"
    19 spamd_flags="--socketpath=/var/run/spamd.sock --nouser-config --username=nobody"
    2019
    2120# saving entropy bits is not useful within jails, as your host will do handle this.
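Review bot: The heredoc on new line 12 appends with >> /etc/rc.conf, so a reader who already applied version 10 and re-runs this block keeps the misspelled shd_enable="YES" line and the old spamass_milter_localflags value with 78.46.112.168 alongside the new entries. Add a sentence telling readers to remove the earlier entries first, or to edit /etc/rc.conf in place instead of appending.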
     
    2423# Do NOT use if you rely on having your process to start at 'exact' that time.
    2524cron_flags="-J10"
     25
     26#
     27# Port Services
     28spamass_milter_enable="YES"
     29spamass_milter_localflags="-i 178.63.108.109,0.0.0.0 -r -1 -- -U /var/run/spamd.sock"
     30
     31spamd_enable="YES"
     32spamd_flags="--socketpath=/var/run/spamd.sock --nouser-config --username=nobody"
     33
    2634EOF
    2735}}}
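Review bot: New line 29 hard-codes the jail address in -i 178.63.108.109,0.0.0.0 with nothing in the block tying it to the IP stated in the design criteria, so a reader who copies the heredoc for a jail with a different address has no cue to change it. Add a comment line above it in the Port Services section saying that the first address must be the jail's own IP, and briefly what -i and -r -1 are meant to do, since neither flag is explained anywhere in the visible text.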
     
    3139pzwet# make -C /usr/ports/ports-mgmt/portaudit BATCH=yes install clean; /usr/local/sbin/portaudit -Fda
    3240pzwet# make -C /usr/ports/editors/vim-lite BATCH=yes install clean
     41pzwet# make -C /usr/ports/mail/spamass-milter BATCH=yes install clean
    3342
    3443
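Review bot: The rc.conf block sets spamd_enable="YES", but the only install step added here is new line 41 for mail/spamass-milter, and no visible line builds the port that provides spamd. If it is expected to arrive as a dependency of spamass-milter, say so next to line 41; otherwise add an explicit make line for it. The portaudit -Fda call on new line 39 also runs before the vim-lite and spamass-milter builds, so that audit run does not cover them; moving the call after the last install line would.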