« Previous 1 2 3 4
How to configure and use jailed processes in FreeBSD
Safely Behind Bars
Conclusions
The jail solution on FreeBSD is not only a security concept, it also provides a small virtualization solution. It gives data center administrators a powerful tool and allows Internet service providers to offer a root shell to their customers. The model's design ensures full security.
Jails also offer administrators on home networks a significant security advantage, for example, by locking up the DNS service and a web browser in a jail. These features all demonstrate that jails on FreeBSD can provide a genuine benefit with versatile applications.
Infos
- FreeBSD Handbook: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/
- Nemeth, Evi, et al. Unix and Linux System Administration Handbook , 4th Edition. Prentice Hall. 2010.
- Sarmiento, Evan. "The Jail Subsystem," Chapter 4, in FreeBSD Architecture Handbook: http://www.freebsd.org/doc/en_US.ISO8859-1/books/arch-handbook/jail.html
- Kamp, Poul-Henning, and Robert N.M. Watson, "Jails: Confining the omnipotent root": http://www.watson.org/~robert/freebsd/sane2000-jail.pdf
- McKusick, Marshall Kirk, and George V. Neville-Neil. The Design and Implementation of the FreeBSD Operating System , Chapter 4: The Jail Facility in FreeBSD 5.2. Addison-Wesley. 2004.
- Man pages: jail(8), jexec(8), jls(8), killall(1), ipfw(8), ezjail-admin(1), mount_nullfs(8)
- ISC DHCP daemon: http://www.isc.org/index.pl
- Postfix MTA: http://www.postfix.org
- FreeBSD Forums: http://forums.freebsd.org/
- PF packet filter manual: http://www.openbsd.org/faq/pf/
« Previous 1 2 3 4