
Jail: EZJail Install

Install/Configure ezjail w/flavors, making jail creation even easier

Preface

Although you can maintain your FreeBSD jails manually, and there are quite a few tutorials around for doing so, I like the implementation provided by EZJail.

 

Installation

Only the EZJail port needs to be installed:

cd /usr/ports/sysutils/ezjail
make clean
make install
make clean

 

Configuration

EZJail has a single configuration file (ezjail.conf), which is completely documented. Although everything I use is a default, I prefer to uncomment those parameters in case the defaults change during a port upgrade. Copy the sample configuration file and edit it according to your preferences:

cd /usr/local/etc
cp ezjail.conf.sample ezjail.conf
vi ezjail.conf

The following is my ezjail.conf file:

# ezjail.conf
#

ezjail_jaildir=/usr/jails
ezjail_jailtemplate=${ezjail_jaildir}/newjail
ezjail_jailbase=${ezjail_jaildir}/basejail
ezjail_sourcetree=/usr/src
# ezjail_portscvsroot=:pserver:anoncvs@anoncvs.at.FreeBSD.org:/home/ncvs
# ezjail_ftphost=ftp.freebsd.org
ezjail_uglyperlhack="YES"

ezjail_mount_enable="YES"
ezjail_devfs_enable="YES"
# ezjail_devfs_ruleset="devfsrules_jail"
ezjail_procfs_enable="YES"
ezjail_fdescfs_enable="YES"

#

Finally, we need to enable the userland ezjail.sh script by adding the following line to /etc/rc.conf:

ezjail_enable="YES"

 

Initialize the Base Jail

Before any jails can be created we need to initialize the base jail and update the ports collection within the base jail:

ezjail-admin update -i -p

(Note: The "-i" parameter assumes you update your system through the buildworld process and have left the build tree in place.)

 

EZJail Flavour Configuration

I copy the existing "default" flavour and create my own "standard" flavour:

cd /usr/jails/flavours
cp -R default standard
cd standard
vi ezjail.flavour

Then I add a default user with a known password (admin) and also have portmaster installed:

echo -n '$1$p75bbfK.$Kz3dwkoVlgZrfLZdAXQt91' |\
pw useradd -n admin -u 1001 -s /bin/sh -m -d /home/admin -G wheel -c 'Admin User' -H 0

# Add to the bottom of the file
cd /usr/ports/ports-mgmt/portmaster && make install && make clean

Next, I edit the rc.conf file to enable sshd access when the jails are created:

cd etc
vi rc.conf

The following is my rc.conf file:

# No network interfaces in jails
network_interfaces=""

# Prevent rpc
rpcbind_enable="NO"

# Prevent loads of jails doing their cron jobs at the same time
cron_flags="$cron_flags -J 15"

# Prevent syslog to open sockets
syslogd_flags="-ss"

# Prevent sendmail to try to connect to localhost
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

# Bring up sshd, it takes some time and uses some entropy on first startup
sshd_enable="YES"

Now create a resolv.conf file:

vi resolv.conf

The following is my resolv.conf file:

domain  kingsquarry.net
nameserver      192.168.1.51
nameserver      192.168.1.21
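
A pre-flight check for the flavour configured above, as an added example that is not part of the original page: it flags the settings that every jail created from the flavour will inherit (a literal password hash in ezjail.flavour, the MD5-crypt scheme, a wheel account, sshd enabled in etc/rc.conf). The function names, the finding codes and the sample flavour with its placeholder hash are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page: audit an ezjail flavour directory.
# Layout taken from the page: <flavour>/ezjail.flavour and <flavour>/etc/rc.conf.

# audit_flavour DIR: print one finding code per line for settings that every
# jail created from the flavour inherits. Function name and codes are hypothetical.
audit_flavour() {
    script="$1/ezjail.flavour"
    rcconf="$1/etc/rc.conf"
    if [ -f "$script" ]; then
        # A literal crypt(3) string ($id$salt$digest) gives every jail one password.
        if grep -Eq '\$[0-9a-z]+\$[./A-Za-z0-9]+\$[./A-Za-z0-9]{16,}' "$script"; then
            echo HASH_EMBEDDED
        fi
        # The $1$ prefix identifies MD5-crypt.
        if grep -Eq '\$1\$[./A-Za-z0-9]+\$' "$script"; then
            echo HASH_MD5
        fi
        # -G wheel puts the account in the group that is allowed to su to root.
        if grep -E 'pw +useradd' "$script" | grep -Eq -- '-G +[^ ]*wheel'; then
            echo WHEEL_ACCOUNT
        fi
    fi
    # sshd_enable="YES" starts sshd in each new jail, so the account is reachable over SSH.
    if [ -f "$rcconf" ] && grep -Eq '^sshd_enable="?[Yy][Ee][Ss]"?' "$rcconf"; then
        echo SSHD_ENABLED
    fi
}

# make_sample DIR: constructed flavour shaped like the page's "standard" flavour.
# The hash below is a placeholder, not a real password hash.
make_sample() {
    mkdir -p "$1/etc"
    cat > "$1/ezjail.flavour" <<'EOF'
echo -n '$1$CONSTRUCT$0000000000000000000000' |\
pw useradd -n admin -u 1001 -s /bin/sh -m -d /home/admin -G wheel -c 'Admin User' -H 0
EOF
    printf 'sshd_enable="YES"\n' > "$1/etc/rc.conf"
}

demo=$(mktemp -d)
make_sample "$demo"
audit_flavour "$demo"
rm -rf "$demo"
```

Run against a real flavour with `audit_flavour /usr/jails/flavours/standard`; an empty result means none of the four conditions were found.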

 

Conclusion

You should now have a base jail with at least one flavour (if desired), and you can begin creating your jails.
