« Previous 1 2 3 4
How to configure and use jailed processes in FreeBSD
Safely Behind Bars
Conclusions
The jail solution on FreeBSD is not only a security concept, it also provides a small virtualization solution. It gives data center administrators a powerful tool and allows Internet service providers to offer a root shell to their customers. The model's design ensures full security.
Jails also offer administrators on home networks a significant security advantage, for example, by locking up the DNS service and a web browser in a jail. These features all demonstrate that jails on FreeBSD can provide a genuine benefit with versatile applications.
Infos
- FreeBSD Handbook: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/
- Nemeth, Evi, et al. Unix and Linux System Administration Handbook , 4th Edition. Prentice Hall. 2010.
- Sarmiento, Evan. "The Jail Subsystem," Chapter 4, in FreeBSD Architecture Handbook: http://www.freebsd.org/doc/en_US.ISO8859-1/books/arch-handbook/jail.html
- Kamp, Poul-Henning, and Robert N.M. Watson, "Jails: Confining the omnipotent root": http://www.watson.org/~robert/freebsd/sane2000-jail.pdf
- McKusick, Marshall Kirk, and George V. Neville-Neil. The Design and Implementation of the FreeBSD Operating System , Chapter 4: The Jail Facility in FreeBSD 5.2. Addison-Wesley. 2004.
- Man pages: jail(8), jexec(8), jls(8), killall(1), ipfw(8), ezjail-admin(1), mount_nullfs(8)
- ISC DHCP daemon: http://www.isc.org/index.pl
- Postfix MTA: http://www.postfix.org
- FreeBSD Forums: http://forums.freebsd.org/
- PF packet filter manual: http://www.openbsd.org/faq/pf/
« Previous 1 2 3 4
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Integrating FreeNAS with Windows Active Directory
FreeNAS offers a powerful array of features and is adaptable to a wide range of network-attached storage solutions. We look at integrating Windows Active Directory, taking snapshots, replicating, and backing up. -
A Password Protection Service
Fail2ban is a quick to deploy, easy to set up, and free to use intrusion prevention service that protects your systems from brute force and dictionary attacks. -
Established container solutions in Linux
Container solutions are not newcomers to the virtualization scene; they have existed for years. We look at the different flavors available for Linux systems. -
Capsicum – Additional seasoning for FreeBSD
Applications such as web browsers can open up vulnerabilities and threaten an entire system. As a remedy, Capsicum provides the option of finely granulated allocation of privileges on top of sandboxing. -
Build a Network Attached Storage System with FreeNAS
We provide an overview of FreeNAS and ZFS, its main filesystem, then show you how to set up and maintain a FreeNAS installation.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
