How to configure and use jailed processes in FreeBSD

Safely Behind Bars

Conclusions

The jail solution on FreeBSD is not only a security concept, it also provides a small virtualization solution. It gives data center administrators a powerful tool and allows Internet service providers to offer a root shell to their customers. The model's design ensures full security.

Jails also offer administrators on home networks a significant security advantage, for example, by locking up the DNS service and a web browser in a jail. These features all demonstrate that jails on FreeBSD can provide a genuine benefit with versatile applications.

Infos

  1. FreeBSD Handbook: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/
  2. Nemeth, Evi, et al. Unix and Linux System Administration Handbook , 4th Edition. Prentice Hall. 2010.
  3. Sarmiento, Evan. "The Jail Subsystem," Chapter 4, in FreeBSD Architecture Handbook: http://www.freebsd.org/doc/en_US.ISO8859-1/books/arch-handbook/jail.html
  4. Kamp, Poul-Henning, and Robert N.M. Watson, "Jails: Confining the omnipotent root": http://www.watson.org/~robert/freebsd/sane2000-jail.pdf
  5. McKusick, Marshall Kirk, and George V. Neville-Neil. The Design and Implementation of the FreeBSD Operating System , Chapter 4: The Jail Facility in FreeBSD 5.2. Addison-Wesley. 2004.
  6. Man pages: jail(8), jexec(8), jls(8), killall(1), ipfw(8), ezjail-admin(1), mount_nullfs(8)
  7. ISC DHCP daemon: http://www.isc.org/index.pl
  8. Postfix MTA: http://www.postfix.org
  9. FreeBSD Forums: http://forums.freebsd.org/
  10. PF packet filter manual: http://www.openbsd.org/faq/pf/

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus