similar to: Jails and loopback interfaces

Displaying 20 results from an estimated 3000 matches similar to: "Jails and loopback interfaces"

2006 May 04
3
Jails and loopback interfaces
> I recently did something like this. I have a webserver in a jail that > needs to talk to a database, and the webserver is the only thing that > should talk to the databse. > My solution was to use 2 jails: one for the webserver, and another for the > database. > Jail 1: > * runs webserver > * binds to real interface with real, routable IP > Jail 2: > *
2005 Sep 21
3
Cisco AS5XXX + CallerID Name
Hi guys. We have currently Asterisk CVS-v1-0-08/15/05-15:53:48 connected in SIP with a Cisco AS5300 (IOS 12.3). One PRI is connected to the Cisco gateway. The problem we have is that on incoming PSTN calls to the AS5300, relayed in SIP to Asterisk, the callerID name is not being transmitted. We received the callerID number but no name. I know we are receiving the name from the PRI in
2006 Sep 07
3
comments on handbook chapter
``You do not want to overbuild your security or you will interfere with the detection side, and detection is one of the single most important aspects of any security mechanism. For example, it makes little sense to set the schg flag (see chflags(1)) on every system binary because while this may temporarily protect the binaries, it prevents an attacker who has broken in from making an easily
2007 Jan 13
3
Permission denied by op
i am invoking op from a python proggy which does an op.system() of op chmod 640 /usr/local/etc/tac_plus.conf i get "Permission denied by op" % ls -l /usr/local/etc/op.access -r-------- 1 root wheel 149 Jan 13 07:41 /usr/local/etc/op.access % cat /usr/local/etc/op.access # 2007.01.13 # #DEFAULT users=src # chown /usr/sbin/chown $* ; users=src chmod /bin/chmod $* ; users=src
2005 Sep 24
1
Encrypt some services with ipsec
Hi all, I have two prodction servers with FreeBSD 5.4 (all security patches are applied). They running some services like dns, ssh, http, ftp, etc. But I woukd like to encrypt some services for some hosts with ipsec when it is accessed. For example: - DNS resolution: not encrypted. - DNS replication master-slave: encrypted by ipsec. - Telnet: encrypted by ipsec for some hosts. Deny
2005 Dec 23
1
isolinux.cfg location?
Hi, On isolinux's website, it is stated that: "NOTE: ISOLINUX will search for the config file directory in the order /boot/isolinux, /isolinux, /. The first directory that exists is used, even if it contains no files. Therefore, please make sure that these directories don't exist if you don't want ISOLINUX to use them." Why this limitation is present?? I'm trying
2004 Sep 23
3
Problems with Samba 3.0.5 only seeing 1360 files on a share to a Windows 2000
Hi, I have a share: [share] path = /appl/md/data valid users = +asd write list = +asd read only = No create mask = 0664 directory mask = 0775 And it has directories that have 3000 files in them, but when I look at the same directory thru a Windows 2000, I only see 1360 files, no more. If I type the path a file that isn't shown in the
2004 Jul 23
1
My node is restarted when running OCFS
Hi, I am trying to install Oracle 9i RAC on SLES 8 SP3 with a shared firewire disk. I am using the following OCFS: OCFS Release 1.0.11-1 for suse sp3 2.4.21-138 smp kernel ocfs-2.4.21-138-smp-1.0.11-1.i586.rpm ocfs-tools-1.0.10-1.i386.rpm ocfs-support-1.0.10-1.i386.rpm 1/ I have configured OCFS and a shared file system /opt/oracle/oradata 2/ I have created a raw device for use as quorum
2003 Sep 18
2
Patching jails
I'm going to apply the ssh patch. Applying it to the "real" server seems straightforward enough, but I'm wondering what the right procedure is to apply this patch to my jailed servers.
2020 Jul 30
2
NTP and FreeBSD jails
FreeBSD-12.1p7 Samab-4.10.15 running in FreeBSD Jail I just wish to ensure that my conclusion respecting Samba, FreeBSD Jails, and NTP is correct. 1. Unless configured otherwise Windows domain clients will query and obtain their time from the samba_server DC. 2. Samba_server obtains its time from the OS, in this case a FreeBSD Jail. 3. FreeBSD Jails get their time from their host. 4. If
2003 Jul 12
5
jails, ipfilter & stunnel
I'm setting up a server where I plan to use Jails to improve security I also have installed and am configuring ipfilter. Here are my questions: Because I'm using Jails, I will have to have multiple ip aliases on the network interface. I will use ipfilter to specify what can go to each of the addresses. (e.g., allow only incoming to port 80 on the jail running apache). Another
2011 May 06
6
Rooting FreeBSD , Privilege Escalation using Jails (Pétur)
I read this (http://www.petur.eu/blog/?p=459) blog post today. It's about that a remote user with root privilegs to a FreeBSD jail & user privileges to the jails host machine can obtain root privileges on the host machine. Can someone confirm if this bugg/exploit works?
2008 Oct 28
3
7.x and multiple IPs in jails
Hello all, I've been searching around and have come up with no current discussions on this issue. I'll keep it brief: In 7.0 or 7.1 is there any provision to have multiple IP addresses in a jail? I'm stumped on this, as I just started a new hosting project that needs a few jails. At least one of those requires multiple IPs, which is something I never really even realized was
2005 Aug 18
4
Closing information leaks in jails?
Hello, I'm wondering about closing some information leaks in FreeBSD jails from the "outside world". Not that critical (depends on the application), but a simple user, with restricted devfs in the jail (devfsrules_jail for example from /etc/defaults/devfs.rules) can figure out the following: - network interfaces related data, via ifconfig, which contains everything, but the
2005 Mar 03
4
Renaming root account
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi everyone, One quick question: Is it safe and/or sensible to rename the root account, so that the only uid 0 user on a system is something different to root? I can see how this would be effective against external attackers who have no knowledge of the internals of the system as they would spend pointless hours trying to crack a user which doesnt
2007 Jul 02
1
Jails and loopback interfaces
I've got a server running FreeBSD 6.2 and PF. The server has a couple dozen jails on it. Previously, I had a few "private" services such as MySQL running on loopback IPs (127.0.0.2+) and the rest of the jails running on the public IPs. I have to renumber my machine with a new block of public IPs so I thought I'd be clever and move all the jails onto loopback IPs. Then
2004 Apr 20
1
[patch] Raw sockets in jails
Although RAW sockets can be used when specifying the source address of packets (defeating one of the aspects of the jail) some people may find it usefull to use utilities like ping(8) or traceroute(8) from inside jails. Enclosed is a patch I have written which gives you the option of allowing prison-root to create raw sockets inside the prison, so
2006 Jun 29
3
Secure connection from "localhost" in jails
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear dovecot developers, first: thanks for this really cool imapd, on my server it serves some hundred domains, all in all some thousand users, some having hundred thousand mails in their Maildirs (their spam boxes mostly). Since I put this installation in an FreeBSD geli encrypted disc image I had no choice but to choose an imapd with clever
2005 Nov 16
11
Need urgent help regarding security
Good Day! I think we have a serious problem. One of our old server running FreeBSD 4.9 have been compromised and is now connected to an ircd server.. 195.204.1.132.6667 ESTABLISHED However, we still haven't brought the server down in an attempt to track the intruder down. Right now we are clueless as to what we need to do.. Most of our servers are running legacy operating systems(old
2013 Feb 12
2
problem stoping jails with jail(8), jail.conf and mount.fstab
Hello, on 9.1-R, I highly appreciate the new jail(8) and jail.conf capabilities. Thanks for that extension! But I have one problem: If I want to stop a jail with 'jaill -r jailname', I get "umount: unmount of /.jail.jailname failed: Device busy" It seems to me that the order of fstab.jailname entries are not reverted by jail(8) when shutting down/umounting. My C skills