FreeBSD Admin: Difference between revisions

From Jan's Wiki
No edit summary
No edit summary
 
(4 intermediate revisions by one other user not shown)
Line 15: Line 15:
     ezjail-admin update -u
     ezjail-admin update -u
     ezjail-admin update -U -s 10.1-RELEASE
     ezjail-admin update -U -s 10.1-RELEASE
     mergemaster -U -D /usr/jails/www
     mergemaster -iFUP -D /usr/jails/www
Original Dateien werden in /var/tmp/mergemaster/preserved... gespeichert
 
'''Ports'''
'''Ports'''
* Update outdated installed ports
* Update outdated installed ports
   portmaster -b -a
   portmaster -b -a
* Um möglichst pkg zu verwenden:
  portmaster -PP
* List outdated ports
* List outdated ports
   pkg_version -vIL=
   pkg_version -vIL=
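Review bot: The added `portmaster -PP` line names nothing to update: it has no `-a` and no port name, unlike `portmaster -b -a` just above it, so it should read `portmaster -PP -a` or name a port. `-PP` is also the packages-only form, which fails when no package is available, while the accompanying note says to use pkg where possible, which is what a single `-P` does. On the changed mergemaster line, the note about files kept in /var/tmp/mergemaster/preserved... should say that this comes from the new `-P` flag.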
Line 54: Line 58:
PF um IP Adressen zu blockieren - diese werden in Tabelle fail2ban eingetragen.
PF um IP Adressen zu blockieren - diese werden in Tabelle fail2ban eingetragen.
Action pf-jan.conf entsprechend [http://www.effu.se/2011/03/Integrating-PF-with-Fail2ban-0.9] anpassen.
Action pf-jan.conf entsprechend [http://www.effu.se/2011/03/Integrating-PF-with-Fail2ban-0.9] anpassen.
'''GELI/ZFS'''
export NEWDISK=diskid/DISK-WD-WCC1P1093240
gpart create -s gpt $NEWDISK
gpart add  -t freebsd-swap -s 16776320 $NEWDISK
gpart add  -t freebsd-zfs -s 104857600 $NEWDISK
gpart add  -t freebsd-zfs -s 3785394144 $NEWDISK
gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 $NEWDISK
geli init -K geli.key -J -  /dev/${NEWDISK}p4
geli attach -j - -k /root/geli.key /dev/${NEWDISK}p4
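Review bot: `gpart bootcode ... -i 1` and `geli init ... ${NEWDISK}p4` do not match the partitions created above them: the three `gpart add` lines yield indices 1 to 3, so index 1 is the freebsd-swap partition and p4 does not exist. A `gpart add -t freebsd-boot` line before the swap partition appears to be missing. Also, `geli init` takes `-K geli.key` relative to the current directory while `geli attach` uses `-k /root/geli.key`; use the same absolute path in both.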

Latest revision as of 08:25, 6 September 2020

EZJail

  • Update ports:
  ezjail-admin update -P
  • Upgrade release:

First upgrade the host system [1]

     freebsd-update upgrade -r 11.0-RELEASE
     freebsd-update install
     <reboot the system>
     freebsd-update install
     <rebuild third-party software> - if necessary
     freebsd-update install

Then upgrade the jails via ezjail-admin [2]

    ezjail-admin update -b
    ezjail-admin update -i
    ezjail-admin update -u
    ezjail-admin update -U -s 10.1-RELEASE
    mergemaster -iFUP -D /usr/jails/www

The original files are saved in /var/tmp/mergemaster/preserved...

Ports

  • Update outdated installed ports
  portmaster -b -a
  • To use pkg wherever possible:
  portmaster -PP
  • List outdated ports
  pkg_version -vIL=
  • Uninstall all unused pkgs
  pkg_cutleaves


Mail

  • sendmail from Jail

Sendmail in the jail with a smarthost

Only one sendmail runs in the jail, for the case that the smarthost is unreachable.

/etc/rc.conf

sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="YES"

/etc/mail/freebsd.submit.mc

dnl FEATURE(`msp')dnl
FEATURE(`msp',`[172.16.3.6]')dnl

Build submit.cf and start it:

cd /etc/mail
make
make install
make start

The smarthost must know the jail's hostname, e.g. in /etc/mail/local-host-names [3]

Fail2ban

PF is used to block IP addresses; these are entered into the table fail2ban. Adjust the action pf-jan.conf according to [4].
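An added example, not part of the wiki page: a check that the pf ruleset actually enforces the fail2ban table, since bans written to a table that no rule references have no effect. The table name comes from the page; the function names and the sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki): does pf.conf enforce the table
# that the fail2ban action fills?

# check_pf_table FILE [TABLE]: prints findings, returns 0 if enforced.
check_pf_table() {
    table=${2:-fail2ban}
    rc=0
    # Strip comments so commented-out rules do not count.
    rules=$(sed 's/#.*//' "$1")
    # 1. Table must be declared; "persist" keeps it alive while empty.
    if ! printf '%s\n' "$rules" |
        grep -Eq "^[[:space:]]*table[[:space:]]+<$table>[[:space:]].*persist"; then
        echo "FAIL: no 'table <$table> persist' declaration"; rc=1
    fi
    # 2. A block rule must use the table as source address.
    blk=$(printf '%s\n' "$rules" |
        grep -E "^[[:space:]]*block[[:space:]].*from[[:space:]]+<$table>") || true
    if [ -z "$blk" ]; then
        echo "FAIL: no block rule with 'from <$table>'"; rc=1
    # 3. Without "quick" the last matching rule wins, so a later
    #    pass rule would override the ban.
    elif ! printf '%s\n' "$blk" | grep -Eq '[[:space:]]quick([[:space:]]|$)'; then
        echo "FAIL: block rule on <$table> lacks 'quick'"; rc=1
    fi
    [ "$rc" -ne 0 ] || echo "OK: <$table> is declared and blocked"
    return "$rc"
}

# Constructed sample rulesets (not from the page).
write_samples() {
    cat > "$1/good.conf" <<'EOF'
table <fail2ban> persist
block drop in quick from <fail2ban> to any
pass in proto tcp from any to any port 22
EOF
    cat > "$1/bad.conf" <<'EOF'
table <fail2ban> persist
# block in quick from <fail2ban>
EOF
    cat > "$1/noquick.conf" <<'EOF'
table <fail2ban> persist
block in from <fail2ban>
EOF
}

tmp=$(mktemp -d); write_samples "$tmp"
for f in good bad noquick; do check_pf_table "$tmp/$f.conf" || true; done
rm -rf "$tmp"
```

On a live host, `pfctl -t fail2ban -T show` lists the addresses currently in the table.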

GELI/ZFS

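export NEWDISK=diskid/DISK-WD-WCC1P1093240
# New GPT; the sizes below are in sectors
gpart create -s gpt $NEWDISK
gpart add  -t freebsd-swap -s 16776320 $NEWDISK
gpart add  -t freebsd-zfs -s 104857600 $NEWDISK
gpart add  -t freebsd-zfs -s 3785394144 $NEWDISK
# NOTE: the three "gpart add" lines above create indices 1-3, but "-i 1" and
# "p4" below match a layout with a freebsd-boot partition at index 1, which is not listed.
gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 $NEWDISK
# Encrypt p4 with key file plus passphrase ("-J -" / "-j -" read it from stdin);
# the key file path is the same absolute path for init and attach
geli init -K /root/geli.key -J -  /dev/${NEWDISK}p4
geli attach -j - -k /root/geli.key /dev/${NEWDISK}p4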