[rsbac] jail

Bognar Attila rsbac@rsbac.org
Thu Aug 8 15:51:02 2002



Hi,

Imagine a virtual machine within your OS/machine/system, with an IP
address. You can log in with ssh for example, add users, run network
services, nearly anything.

Imagine a box (your real machine) and some boxes inside (jails).


A quick example, skipping some steps:

For example you make some jail filesystems under /jails:
/jails/myjail1/etc
/jails/myjail1/root
/jails/myjail1/usr
/jails/myjail1/var
/jails/myjail1/bin
/jails/myjail1/sbin
/jails/myjail1/...
/jails/myjail2/etc
/jails/myjail2/root
/jails/myjail2/usr
/jails/myjail2/var
/jails/myjail2/bin
/jails/myjail2/sbin
/jails/myjail2/...

...

root # touch /jails/myjail1/root/thisisjail1
root # touch /jails/myjail2/root/thisisjail2



You set up a system under each myjail[i] (configure ssh, apache), then
(under FreeBSD) start the jails:

root # jail /jails/myjail1 myjail1.domain.com 192.168.0.11 /bin/sh /etc/rc
root # jail /jails/myjail2 myjail2.domain.com 192.168.0.12 /bin/sh /etc/rc

Assuming you have set up a nameserver:
root # mkdir adir
root # cd adir
root # pwd
/root/adir
root # ssh root@myjail1.domain.com  (if you enable ssh root login...)
root@myjail1.domain.com's password:
root@myjail1.domain.com: # ls
thisisjail1
root@myjail1.domain.com: # pwd
/root
root@myjail1.domain.com: # ls /
bin  usr var root ....
root@myjail1.domain.com: #
CTRL-D
root # pwd
/root/adir
root # ssh root@myjail2.domain.com
root@myjail2.domain.com's password:
root@myjail2.domain.com: # ls
thisisjail2
root@myjail2.domain.com: # touch "ittjartam2"
root@myjail2.domain.com: # ls
thisisjail2   ittjartam2
root@myjail2.domain.com: #
CTRL-D
root # ls /jails/myjail1/root
thisisjail1
root # ls /jails/myjail2/root
thisisjail2   ittjartam2


root # telnet 192.168.0.11 80
Trying 192.168.0.11...
Connected to myjail1.domain.com
Escape character is '^]'.
GET /index.html
<html>
<body>
Congratulation! You have successfully setup blabla
</body>
</html>
root #


Recommended documentation (if you haven't read it yet):
http://www.freebsd.org/cgi/man.cgi?query=jail&apropos=0&sektion=0&manpath=FreeBSD+4.6-RELEASE&format=html

Hope that's clear,

attila




ghorvath@minolta.hu wrote:

>
> Amon wrote it was like in *BSD. I looked through *BSD's documentation
> about it and found quite a lot of information but - as always - a good
> example could help a lot.
> Doesn't anyone really need one except for me?   ;-)
>
> Bye,
> Gabor  Horvath
> ghorvath@minolta.hu
>
>
>
>
> *Peter Busser <p.busser01@chello.nl>*
> Sent by: rsbac-admin@rsbac.org
>
> 2002.08.08 15:55
> Please respond to: rsbac
>
> To:      rsbac@rsbac.org
> Cc:
> Subject: Re: [rsbac] rsbac-v1.2.1-pre3 uploaded
>
>
>
>
> Hi,
>
> > Despite my remaining to-do items, I'd like to roll out 1.2.1 soon, because
> > there are already 6 bugfixes for 1.2.0. Also, the new JAIL module could be
> > really useful. Everything else will just have to wait for 1.2.2 or later.
>
> What does the JAIL module do?
>
> Groetjes,
> Peter Busser
> -- 
> UNIX is user friendly, it is just picky who to befriend with.
>
> "Silly hacker, root is for administrators"
>                 -Unknown
>
> _______________________________________________
> rsbac mailing list
> rsbac@rsbac.org
> http://www.rsbac.org/mailman/listinfo/rsbac
>
>
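
The setup steps from the message above, collected into one script. This is an added example, not part of the original post and not FreeBSD or RSBAC code; JAIL_TABLE, the function names and the uniqueness check are assumptions of this sketch, and it only prints the FreeBSD 4.x `jail` commands instead of running them.

```shell
#!/bin/sh
# Added sketch: build the per-jail directory skeleton from the message and
# print the `jail <path> <hostname> <ip> <command>` line for each jail.
# JAIL_TABLE and all function names are made up for this example.

# Constructed table, one jail per line: name hostname ip (values from the message).
JAIL_TABLE='myjail1 myjail1.domain.com 192.168.0.11
myjail2 myjail2.domain.com 192.168.0.12'

# Create <base>/<name>/{etc,root,usr,var,bin,sbin} plus a marker file in root/.
make_skeleton() {
    base=$1
    printf '%s\n' "$JAIL_TABLE" | while read -r name host ip; do
        for d in etc root usr var bin sbin; do
            mkdir -p "$base/$name/$d" || exit 1
        done
        # The marker shows, from inside or outside, which jail a /root belongs to.
        touch "$base/$name/root/thisis${name#my}" || exit 1
    done
}

# Succeed only if no jail name or IP address is listed twice: two jails that
# share a root directory or an address are not separated from each other.
table_is_unique() {
    dup=$(printf '%s\n' "$1" | awk '{ if (seen_n[$1]++ || seen_ip[$3]++) print $1 }')
    [ -z "$dup" ]
}

# Print one start command per jail; fail on an ambiguous table or a missing root.
jail_commands() {
    base=$1
    table_is_unique "$JAIL_TABLE" || { echo "duplicate name or IP" >&2; return 1; }
    printf '%s\n' "$JAIL_TABLE" | while read -r name host ip; do
        [ -d "$base/$name/etc" ] || { echo "missing root: $base/$name" >&2; exit 1; }
        printf 'jail %s %s %s /bin/sh /etc/rc\n' "$base/$name" "$host" "$ip"
    done
}

# Demo in a throwaway directory (the message uses /jails on the real host).
demo=$(mktemp -d) && make_skeleton "$demo" && jail_commands "$demo"; rm -rf "$demo"
```

Each jail still needs a full userland installed under its root before `/etc/rc` can run; the skeleton only covers the directory layout the message lists.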


