[rsbac] jail
Amon Ott
rsbac@rsbac.org
Thu Aug 8 16:03:01 2002

On Thursday, 8. August 2002 15:13, Bognar Attila wrote:
> Imagine a virtual machine within your OS/machine/system, with an IP
> address. You can login with ssh for example, add users, run network
> services, nearly anything.
>
> Imagine a box (your real machine) and some boxes inside (jails).
> You set up a system under each myjail[i] (configure ssh, apache), then
> (under FreeBSD) start the jails:
>
> root # jail /jails/myjail1 myjail1.domain.com 192.168.0.11 /bin/sh /etc/rc
> root # jail /jails/myjail2 myjail2.domain.com 192.168.0.12 /bin/sh /etc/rc

Under RSBAC, it would be

root # rsbac_jail /jails/myjail1 192.168.0.11 /bin/sh /etc/rc
root # rsbac_jail /jails/myjail2 192.168.0.12 /bin/sh /etc/rc

If you want the automatic address adjustment for the ANY address 0.0.0.0, add
the -a switch. There are some others; just call rsbac_jail without arguments
to see them, or read models.htm#jail.

If you test this, you can see the processes in /proc/rsbac-info/jails.

> root # telnet 192.168.0.11 80
> Trying 192.168.0.11...
> Connected to myjail1.domain.com
> Escape character is '^]'.
> GET /index.html
> <html>
> <body>
> Congratulation! You have successfully setup blabla
> </body>
> </html>
> root #

I have not implemented individual host names, because most server programs
have their own settings or use /etc/hosts etc., which should be the one in
the jail with the right name.

Amon.
--
http://www.rsbac.org