OpenSeaMap-dev:Server FreeBSD Jails

From OpenSeaMap-dev
Revision as of 24 December 2012, 13:25 by Dom

Installation

Create Jail

Add alias.

ifconfig lo0 alias <local-jail-address> netmask 255.255.255.255
 
vi /etc/rc.conf
  ifconfig_lo0_aliasN="inet <local-jail-address> netmask 255.255.255.255"

Create jail.

ezjail-admin create <jail-name> <local-jail-address>

Add ports tree.

rm /usr/jails/<jail-name>/usr/ports
mkdir /usr/jails/<jail-name>/usr/ports

vi /etc/fstab.<jail-name-corrected>
  /usr/ports /usr/jails/<jail-name>/usr/ports nullfs ro 0 0

Add DNS server.

grep nameserver /etc/resolv.conf > /usr/jails/<jail-name>/etc/resolv.conf

Add port build config.

echo 'WITHOUT_X11=yes' >> /usr/jails/<jail-name>/etc/make.conf

Configure syslogd.

echo 'syslogd_flags="-ss"' >> /usr/jails/<jail-name>/etc/rc.conf

Configure sshd.

vi /usr/jails/<jail-name>/etc/ssh/sshd_config
  ListenAddress <local-jail-address>
  PermitRootLogin no
  ChallengeResponseAuthentication no

echo 'sshd_enable="YES"' >> /usr/jails/<jail-name>/etc/rc.conf

Configure firewall settings.

vi /etc/pf.conf
 rdr on $ext_if proto tcp from any to any port 22xx -> 127.0.0.xx port 22
 pass in on $ext_if inet proto tcp from any to 127.0.0.xx port 22 keep state

pfctl -f /etc/pf.conf

Start jail.

ezjail-admin start <jail-name>
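
The settings made in the steps above can be verified from the host once the jail exists. The script below is an added example, not part of the original page: it checks the sshd, syslogd and ports-mount settings of one jail; the function names, argument order and the sample tree built by make_sample are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original page: audit a jail against the settings
# from the steps above. audit_jail returns the number of findings (0 = pass).

# has_line FILE ERE: true if FILE has an uncommented line matching ERE
has_line() {
    [ -f "$1" ] && grep -Eq "^[[:space:]]*$2[[:space:]]*(#.*)?\$" "$1"
}

fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

# audit_jail JAIL_ROOT JAIL_ADDRESS HOST_FSTAB (argument order is this example's choice)
audit_jail() {
    root=$1; addr=$2; fstab=$3; fails=0
    sshd="$root/etc/ssh/sshd_config"; rc_conf="$root/etc/rc.conf"
    addr_re=$(printf '%s' "$addr" | sed 's/\./\\./g')  # match dots literally

    has_line "$sshd" "ListenAddress[[:space:]]+$addr_re" || fail "sshd not bound to $addr"
    # a second ListenAddress would make sshd listen beyond the jail address
    if [ -f "$sshd" ] &&
       [ "$(grep -Ec '^[[:space:]]*ListenAddress[[:space:]]' "$sshd")" -gt 1 ]; then
        fail "more than one ListenAddress"
    fi
    has_line "$sshd" 'PermitRootLogin[[:space:]]+no' || fail "PermitRootLogin not set to no"
    has_line "$sshd" 'ChallengeResponseAuthentication[[:space:]]+no' ||
        fail "ChallengeResponseAuthentication not set to no"
    has_line "$rc_conf" 'sshd_enable="YES"' || fail "sshd_enable missing in rc.conf"
    has_line "$rc_conf" 'syslogd_flags="-ss"' || fail "syslogd_flags is not -ss"
    # the ports tree must be a nullfs mount whose option list contains ro
    { [ -f "$fstab" ] && awk -v dst="$root/usr/ports" '
        $1 == "/usr/ports" && $2 == dst && $3 == "nullfs" &&
        index("," $4 ",", ",ro,") > 0 { ok = 1 }
        END { exit !ok }' "$fstab"; } || fail "ports tree not a read-only nullfs mount"
    return "$fails"
}

# make_sample DIR ADDR: constructed jail tree and fstab for an offline trial
make_sample() {
    mkdir -p "$1/etc/ssh" "$1/usr/ports"
    printf '%s\n' "ListenAddress $2" 'PermitRootLogin no' \
        'ChallengeResponseAuthentication no' > "$1/etc/ssh/sshd_config"
    printf '%s\n' 'syslogd_flags="-ss"' 'sshd_enable="YES"' > "$1/etc/rc.conf"
    echo "/usr/ports $1/usr/ports nullfs ro 0 0" > "$1/fstab.sample"
}

# On the host: sh audit.sh /usr/jails/<jail-name> <local-jail-address> /etc/fstab.<jail-name-corrected>
if [ "$#" -eq 3 ]; then audit_jail "$@"; fi
```

Commented-out lines such as "#PermitRootLogin no" in a stock sshd_config do not satisfy the check; each setting has to be present as an active line, as in the steps above.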

Configuration inside jail

Connect to jail.

ezjail-admin console <jail-name>

Redirect mails for root.

vi /etc/aliases
  root: <mail-address>

newaliases

Install Ports

Connect to jail.

ezjail-admin console <jail-name>

Install portmaster.

cd /usr/ports/ports-mgmt/portmaster
make install clean
rehash

Install these ports in every jail.

portmaster -d -B sysutils/screen editors/vim ports-mgmt/portaudit

Install Service

Additional installations based on the service type.

Maintenance

TBD