FreeBSD Admin: Difference between revisions
Latest revision as of 08:25, 6 September 2020
EZJail
- Update ports:
ezjail-admin update -P
- Upgrade release:
First upgrade the host system [https://www.freebsd.org/releases/11.0R/announce.html]
freebsd-update upgrade -r 11.0-RELEASE
freebsd-update install
<reboot the system>
freebsd-update install
<rebuild third-party software> - if necessary
freebsd-update install
Then upgrade the jails via ezjail-admin [https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-ezjail.html]
ezjail-admin update -b
ezjail-admin update -i
ezjail-admin update -u
ezjail-admin update -U -s 10.1-RELEASE
mergemaster -iFUP -D /usr/jails/www
Original files are saved in /var/tmp/mergemaster/preserved...
Ports
- Update outdated installed ports
portmaster -b -a
- To use pkg (packages) wherever possible:
portmaster -PP
- List outdated ports
pkg_version -vIL=
- Uninstall all unused pkgs
pkg_cutleaves
Mail
- sendmail from Jail
Sendmail in a jail with a smarthost
Only one sendmail process runs in the jail, for the case that the smarthost is unreachable.
/etc/rc.conf
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="YES"
/etc/mail/freebsd.submit.mc
dnl FEATURE(`msp')dnl
FEATURE(`msp',`[172.16.3.6]')dnl
Build submit.cf and start it:
cd /etc/mail
make
make install
make start
The smarthost must know the jail's hostname, e.g. in /etc/mail/local-host-names [http://www.bsdforen.de/threads/jails-sendmail-n%C3%B6tig.24289/]
Fail2ban
PF is used to block IP addresses; these are entered into the table fail2ban.
Adapt the action pf-jan.conf according to [http://www.effu.se/2011/03/Integrating-PF-with-Fail2ban-0.9].
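A sketch of what such an action and the matching PF rules could look like, as an added example that is not the page's own pf-jan.conf and not taken from the linked article. Only the table name fail2ban comes from the page; the file path, the actioncheck command and the block rule are assumptions.

```ini
# Assumed location on FreeBSD (fail2ban installed from ports):
#   /usr/local/etc/fail2ban/action.d/pf-jan.conf
# Constructed example of a fail2ban action that only adds and removes
# addresses in an existing PF table; it does not touch the ruleset.

[Definition]
# Nothing to set up or tear down: the table is declared in pf.conf.
actionstart =
actionstop =
# Fail early if the table is missing (e.g. pf.conf was reloaded without it).
actioncheck = /sbin/pfctl -s Tables | grep -q '^<table>$'
# <ip> is filled in by fail2ban, <table> from the [Init] default below.
actionban = /sbin/pfctl -t <table> -T add <ip>
actionunban = /sbin/pfctl -t <table> -T delete <ip>

[Init]
table = fail2ban

# Matching lines for /etc/pf.conf (PF syntax, shown here as comments):
#   table <fail2ban> persist
#   block drop in quick from <fail2ban>
# "persist" keeps the table when it is empty; "quick" stops rule
# evaluation so a later pass rule cannot re-admit a banned address.
# Current bans can be listed with: pfctl -t fail2ban -T show
```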
GELI/ZFS
export NEWDISK=diskid/DISK-WD-WCC1P1093240
gpart create -s gpt $NEWDISK
gpart add -t freebsd-swap -s 16776320 $NEWDISK
gpart add -t freebsd-zfs -s 104857600 $NEWDISK
gpart add -t freebsd-zfs -s 3785394144 $NEWDISK
gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 $NEWDISK
geli init -K geli.key -J - /dev/${NEWDISK}p4
geli attach -j - -k /root/geli.key /dev/${NEWDISK}p4