Displaying 20 results from an estimated 4000 matches similar to: "jails, ipfilter & stunnel"
2003 Apr 01
1
Jails and multihoming
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
All,
are there any plans to allow FreeBSD jails to bind to more than one IP
address?
My scenario (virtual hosting) :
3 front-end hosts with 2 interfaces each, one on the public network, the
other on a private subnet.
1 back-end host, providing NFS mounts for the front-ends.
This scenarion is not uncommon in ISP environments, usually with a big
2005 Jul 13
2
mijail- Multiple IP's in a Jail
I have searched around the lists and Google and found this
HYPERLINK
"http://people.freebsd.org/~pjd/patches/jail_2004120901.patch"http://people.
freebsd.org/~pjd/patches/jail_2004120901.patch
I was wondering if anyone know of a multiple IP patch that works with
FreeBSD 5.4
I really do not understand why this is not included in the standard jail
I mean sure jail is handy for
2004 Apr 20
1
[patch] Raw sockets in jails
Although RAW sockets can be used when specifying the source
address of packets (defeating one of the aspects of the jail)
some people may find it usefull to use utilities like ping(8)
or traceroute(8) from inside jails.
Enclosed is a patch I have written which gives you the option
of allowing prison-root to create raw sockets inside the prison,
so
2003 Jul 10
2
jail performance questions
I'm thinking of using jails to improve security on a server
I am setting up. Specifically, I would like to put Apache/PHP
in a jail, but I might like to set up 2-3 different jails for
different purposes.
I've found several examples showing how to set the jails up.
My questions involve system requirements. Assuming plenty of
disk space, 1GB ram and a dual processor PIII 1.13Ghz
2004 Jan 06
5
Logging user activities
Hello,
What do you recommend for keeping track of user
activities? For preserving bash histories I followed
these recommendations:
http://www.defcon1.org/secure-command.html
They include using 'chflags sappnd .bash_history',
enabling process accounting, and the like.
My goal is to "watch the watchers," i.e. watch for
abuse of power by SOC people with the ability to view
2007 Jan 11
2
FreeBSD Security Advisory FreeBSD-SA-07:01.jail
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-07:01.jail Security Advisory
The FreeBSD Project
Topic: Jail rc.d script privilege escalation
Category: core
Module: etc_rc.d
Announced:
2005 Aug 18
4
Closing information leaks in jails?
Hello,
I'm wondering about closing some information leaks in FreeBSD jails from
the "outside world".
Not that critical (depends on the application), but a simple user, with
restricted devfs in the jail (devfsrules_jail for example from
/etc/defaults/devfs.rules) can figure out the following:
- network interfaces related data, via ifconfig, which contains
everything, but the
2011 May 06
6
Rooting FreeBSD , Privilege Escalation using Jails (Pétur)
I read this (http://www.petur.eu/blog/?p=459) blog post today. It's
about that a remote user with root privilegs to a FreeBSD jail & user
privileges to the jails host machine can obtain root privileges on the
host machine.
Can someone confirm if this bugg/exploit works?
2004 Mar 08
4
Call for review: restricted hardlinks.
Hi.
I've no response from so@ in this topic, probably because leak of time,
so I'll try here.
Here is a patch that I'm planing to commit:
http://people.freebsd.org/~pjd/patches/restricted_hardlinks.patch
It adds two new sysctls:
security.bsd.hardlink_check_uid
security.bsd.hardlink_check_gid
If sysctl security.bsd.hardlink_check_uid is set to 1, unprivileged users
are not
2007 Mar 14
1
Check PRIV_VFS_MOUNT when jailed.
Hi.
I'd like to commit this patch:
http://people.freebsd.org/~pjd/patches/vfs_mount.c.9.patch
It currently should change nothing, but will be needed once we allow to
grant privileges for jails. I'd like to commit it now, so I can
experiment easier with my ZFS improvements.
--
Pawel Jakub Dawidek http://www.wheel.pl
pjd@FreeBSD.org
2005 May 24
1
Jail support for mac_portacl(4).
Hi.
When we don't have too many IP addresses available and we want to run
for example www server inside a jail, but use the same IP address as
the main system, we need to actually use an internal IP address and
forward http port with firewall from external IP to jail's IP.
In that way we know that if somebody breaks into out jail, he cannot
run sshd server (we have keys, I know) or any
2003 Sep 18
2
Patching jails
I'm going to apply the ssh patch. Applying it to the "real" server seems straightforward enough, but I'm wondering what the right procedure is to apply this patch to my jailed servers.
2006 May 04
3
Jails and loopback interfaces
> I recently did something like this. I have a webserver in a jail that
> needs to talk to a database, and the webserver is the only thing that
> should talk to the databse.
> My solution was to use 2 jails: one for the webserver, and another for the
> database.
> Jail 1:
> * runs webserver
> * binds to real interface with real, routable IP
> Jail 2:
> *
2003 Apr 13
2
chroot() as non-root user?
I suspect this has been asked before but I'll ask anyway.
Q1: Is it possible for a non-root process to perform a chroot?
My interest is this: I have a typical ISP hosting account (verio; on a
FreeBSD 4.4 server.) I'd like to install and run various CGI packages, yet
protect myself (and my email, and my .ssh keys) from bugs being exploited
in those CGI packages. Chroot at the start
2003 Sep 10
2
jail + postgresql + System V IPC
HI everyone,
I have resently installed a jail environment on my freebsd box, and had some
problems getting postgresql running under it.
After looking a bit on various mailinglists i figured out that I needed to
set jail.sysvipc_allowed to be 1 using sysctl in order to make postgresql
run.
However man jail gives me:
jail.sysvipc_allowed
This MIB entry determines whether or not
2017 Oct 24
3
scp setup jailed chroot on Centos7
-----Original Message-----
From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Rainer Duffner
Sent: Samstag, 21. Oktober 2017 00:41
To: CentOS mailing list
Subject: Re: [CentOS] scp setup jailed chroot on Centos7
> Am 20.10.2017 um 15:58 schrieb Adrian Jenzer <a.jenzer at herzogdemeuron.com>:
>
> Dear all
>
> I'm looking for instructions on how to setup a
2019 Feb 18
4
Troubles upgrading jailed DC from 4.8.7 to 4.8.9
On 2/17/19 8:18 PM, Rowland Penny via samba wrote:
> Possible things to check:
> Is the ip for vlan1 10.1.2.34 ?
Sure.
It's the only IP vlan1 has inside the jail; it's shown as an alias on
the base host.
> Try just setting 'vlan1'
You mean change "interfaces=vlan1 10.1.2.34/24" to just "interfaces=vlan1"?
It doesn't change anything (still
2003 Aug 05
6
Problems with JAIL in 4.8R
Hi, i've set the outside ip for the jail..It works.. When i try to ssh to
jail'ed system from the main system (in which is created jail) the
connection is successful, but when i try to connect to jailed system from
anywhere else i get this message:
ssh: connect to host IP_NUMBER port 22: Operation timed out
What can be wrong here? How to solve this problem?
2004 May 17
4
Multi-User Security
Hello list.
I would like to get your opinion on what is a safe multi-user environment.
The scenario:
We would like to offer to some customers of ours some sort of network
backup/archive. They would put daily or weekly backups from their local
machine on our server using rsync and SSH. Therefore, they all have a user
account on our server. However, we must ensure that they would absolutely
not be
2005 Jan 11
1
Possible security issue with jails
Howdy!
I'm not sure if this is actually an issue, feature or a bug, but I have found
that inside a jail, the jailed root user is able to sniff traffic (and enable
promiscuous mode) on at least the interface of the IP address the jail is attached
to.
I have not found any documentation explaining if this should occur or not, but
I feel it is something that should at least be known to those