(macam install freebsd dalam linux via vmware lah gitu-gitu apek).
Step by step :
Server yang di gunakan dalam contoh ini :
Dalam FreeBSD Master aku
www# uname -a
FreeBSD www.xxx.gov.my 7.2-RELEASE FreeBSD 7.2-RELEASE #1: Thu May 21 18:21:54 MYT 2009
This e-mail address is being protected from spambots. You need JavaScript enabled to view it :/usr/obj/usr/src/sys/BENKYO i386
Lihat layout HD
www# df -ha
Filesystem Size Used Avail Capacity Mounted on
/dev/da0s1a 1.9G 271M 1.5G 15% /
devfs 1.0K 1.0K 0B 100% /dev
/dev/da0s1f 8.6G 3.6G 4.3G 45% /usr
/dev/da0s1d 4.8G 41M 4.4G 1% /var
/dev/da0s1e 50G 2M 48G 0% /jail
Lihat ip aku
www# ifconfig
bge0: flags=8843 metric 0 mtu 1500
options=9b
ether 00:13:21:b4:27:f1
inet 192.168.1.111 netmask 0xffffff00 broadcast 192.168.1.255
inet 192.168.1.101 netmask 0xffffffff broadcast 192.168.1.101
media: Ethernet autoselect (100baseTX )
status: active
plip0: flags=108810 metric 0 mtu 1500
lo0: flags=8049 metric 0 mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
Arahan
# setenv D /jail/www
# mkdir -p $D
# cd /usr/src
# make buildworld
# make installworld DESTDIR=$D
# cd etc/
# make distribution DESTDIR=$D
# mount -t devfs devfs $D/dev
Lepas tu buka /etc/rc.conf, tambahkan baris ini :
#set ip alias buat jail
ifconfig_bge0_alias1="inet 10.0.0.100 netmask 255.255.255.0"
jail_set_hostname_allow="NO"
jail_enable="YES"
jail_list="www"
jail_interface="bge0"
jail_devfs_enable="YES"
jail_procfs_enable="YES"
jail_mount_enable="NO"
jail_www_rootdir="/jail/www.xxx.gov.my/"
jail_www_hostname="db"
jail_www_ip="10.0.0.100"
jail_www_devfs_ruleset="devfsrules_jail"
Pastu kat rc.conf kat dalam jails pulak
www# ee /webserver/jails/etc/rc.conf
taruk bende semua2 ni :
hostname=”server-jails”
ifconfig_bge0=”inet 192.168.1.101 netmask 255.255.255.0"
defaultrouter=”192.168.1.1"
rpcbind_enable=”NO”
clear_tmp_enable=”YES”
sendmail_enable=”YES”
sshd_enable=”YES”
Save lah config tadi
Pastu copy resolv.conf
www# cp /etc/resolv.conf /webserver/jails/etc/
Mula jail :
www# /etc/rc.d/jail start
Configuring jails:.
Starting jails: server-jails.
Tengok proses jail tengah run :
%jls
JID IP Address Hostname Path
1 10.0.0.100 www /jail/www.xxx.gov.my
%jls -v
JID Hostname Path
Name State
CPUSetID
IP Address(es)
3 web /jail/web.xxx.gov.my
ALIVE
4
10.0.0.99
2 benkyo /jail/benkyo.xxx.gov.my
ALIVE
3
10.0.0.88
1 db /jail/db.xxx.gov.my
ALIVE
2
10.0.0.77
Buat password root untuk jails:
www# jexec 1 touch /etc/fstab
www# jexec 1 passwd
Changing local password for root
New Password:
Retype New Password:
www#
Buat user baru :
www# jexec 1 adduser
Username: azhax
Full name: azhax dalam jails
Uid (Leave empty for default):
Login group [azhax]: wheel
Login group is wheel. Invite azhax into other groups? []:
Login class [default]:
Shell (sh csh tcsh nologin) [sh]: csh
Home directory [/home/azhax]:
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username : azhax
Password : *****
Full Name : azhax dalam jails
Uid : 1001
Class :
Groups : wheel
Home : /home/azhax
Shell : /bin/csh
Locked : no
OK? (yes/no): yes
adduser: INFO: Successfully added (azhax) to the user database.
Add another user? (yes/no): no
Goodbye!
Login ke sistem :
www# jexec 1 login
llogin: azhax
Password:
Last login: Tue Jul 8 04:09:50 on ttyp0
Copyright (c) 1992-2008 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 7.0-RELEASE (BENKYO) #1: Mon Mar 31 08:52:19 WIT 2009
Welcome to FreeBSD!
Before seeking technical support, please use the following resources:
o Security advisories and updated errata information for all releases are
at http://www.FreeBSD.org/releases/ - always consult the ERRATA section
for your release first as it’s updated frequently.
o The Handbook and FAQ documents are at http://www.FreeBSD.org/ and,
along with the mailing lists, can be searched by going to
http://www.FreeBSD.org/search/. If the doc distribution has
been installed, they’re also available formatted in /usr/share/doc.
If you still have a question or problem, please take the output of
`uname -a’, along with any relevant error messages, and email it
as a question to the This e-mail address is being protected from spambots. You need JavaScript enabled to view it mailing list. If you are
unfamiliar with FreeBSD’s directory layout, please refer to the hier(7)
manual page. If you are not familiar with manual pages, type `man man’.
You may also use sysinstall(8) to re-enter the installation and
configuration utility. Edit /etc/motd to change this login announcement.
%su
Password:
mailserver# echo ‘Jail Server’ >> /etc/motd
Ubah akses ssh untuk remote akses :
www# /etc/rc.d/sshd stop
Stopping sshd.
server-jails# ee /etc/ssh/sshd_config
ubah bagian Listen Address nya, contoh :
#Port 22
#Protocol 2
#AddressFamily any
ListenAddress 192.168.1.111
#ListenAddress ::
simpan filenya dan restart ssh nya.
/etc/rc.d/sshd start
Test ssh dari windows/host lain untuk memastikan ssh server jail dah jalan sepenuhnya :
Login dengan user yang di buat di server jail tadi, user : azhax, password : manaakutau
Done.
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
or from reference : http://blog.myazhax.net/2009/06/howto-jail/
| < Prev | Next > |
|---|
Comments