manfaat dari pemakaian adalah lebih pd masalah security
mkdir /usr/jail
cd /usr/src
make installworld DESTDIR=/usr/jail
make distribution DESTDIR=/usr/jail
mount -t devfs devfs /usr/jail2/dev
-----------/etc/rc.conf----ganti em0 dg jenis interface yg ada
ifconfig_em0="inet 192.168.200.63 netmask 255.255.255.0"
ifconfig_em0_alias0="inet 192.168.200.64 netmask 255.255.255.0"
ifconfig_em0_alias1="inet 192.168.200.65 netmask 255.255.255.0"
jail_enable="YES" # Set to NO to disable starting of any jails
jail_procfs_enable="YES"
#jail_procfs_ruleset="jail"
jail_list="jail" # Space separated list of names of jails
jail_jail_rootdir="/usr/jail" # jail's root directory
jail_jail_hostname="jail.bego.net" # jail's hostname
jail_jail_ip="192.168.200.64" # jail's IP address
jail_jail_devfs_enable="YES" # mount devfs in the jail
jail_jail_devfs_ruleset="jail_ruleset" # devfs ruleset to apply to jail
-----------------------
set diluar jail-----------------------sysctl.conf
#-jail
security.jail.set_hostname_allowed=1
security.jail.allow_raw_sockets=0
security.jail.enforce_statfs=1
security.jail.socket_unixiproute_only=1
security.jail.sysvipc_allowed=0
security.jail.chflags_allowed=1
---------------------------------
set didalam jail:
jail /directory/jail hostname ip.alias.jail /bin/sh
- create user
su
adduser
- rubah password su
- rubah ssh config
- port
- ip
- isi resolv.conf
start/stop jail daemon
/etc/rc.d/jail start namajail_diconfig #namajail_diconfig di /etc/rc.conf
/etc/rc.d/jail stop namajail_diconfig
Tidak ada komentar:
Posting Komentar