[rsbac] jail

Amon Ott rsbac@rsbac.org
Thu Aug 8 16:03:01 2002


On Thursday, 8. August 2002 15:13, Bognar Attila wrote:
> Imagine a virtual machine within your OS/machine/system, with an IP 
> address. You can login with ssh for example, add users, run network 
> services, nearly anything.
> 
> Imagine a box (your real machine) and some boxes inside (jails).

> You set up a system under each myjail[i] (configure ssh, apache), then 
> (under FreeBSD) start the jails:
> 
> root # jail /jails/myjail1 myjail1.domain.com 192.168.0.11 /bin/sh /etc/rc
> root # jail /jails/myjail2 myjail2.domain.com 192.168.0.12 /bin/sh /etc/rc

Under RSBAC, it would be
root # rsbac_jail /jails/myjail1 192.168.0.11 /bin/sh /etc/rc
root # rsbac_jail /jails/myjail2 192.168.0.12 /bin/sh /etc/rc

If you want the automatic address adjustment for the ANY address 0.0.0.0, add 
the -a switch. There are some others; just call rsbac_jail without arguments 
to see them, or read models.htm#jail.

If you test this, you can see the processes in /proc/rsbac-info/jails.
 
> root # telnet 192.168.0.11 80
> Trying 192.168.0.11...
> Connected to myjail1.domain.com
> Escape character is '^]'.
> GET /index.html
> <html>
> <body>
> Congratulation! You have successfully setup blabla
> </body>
> </html>
> root #

I have not implemented individual host names, because most server programs 
have their own settings or use /etc/hosts etc., which should be the one in 
the jail with the right name.

Amon.
--
http://www.rsbac.org