Archive for February 20th, 2008

FreeBSD 7 Installation and setup for tightened security / Multiple IPs in Jail problems

Wednesday, February 20th, 2008

On Saturday I went to Bergon to help Static and Kiril (e.g. Arkadietz) with the install and configuration of a FreeBSD 7 system. The install went smoothly. Then I csupped, following the handbook's canonical way to rebuild world and kernel and stuff. I also got to know personally Bergon’s ISP owner and administrator Drago; btw he looks like a really good man. We spoke about the GDBOP actions when some time ago GDBOP agents broke into a server room next to the office and took Bergon’s storage servers for users, http://free-zone.cc (an FTP for users). He said the GDBOP IT specialists don’t know even elementary unix commands like “df” and “du” and he had to tell them what to type. We walked through the server room. He had some interesting servers; I also observed the fiber optics and stuff. After setting up the newly installed server in the server room, we went to the place “Seasons” and we drank “Stolichno Tymno” and ate pizza on Drago’s account.

The idea of this FreeBSD installation was to make the machine hera.bergon.net a freeshell machine for local Bergon users, as secure as possible. To achieve that I have set these sysctl settings:

security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
net.inet.tcp.msl=7500
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.icmp.icmplim=50
kern.ipc.somaxconn=32768

Also I have installed AIDA. I have also set up a jail with the idea to add the users into the jail. Unfortunately, after running the jail I experienced problems with setting up multiple IPs in the jail, so I asked for help in ##freebsd on freenode. It turned out that by default the FreeBSD jail doesn’t support virtual IPs, but there is a patch to enable that; unfortunately the patch is still only for FreeBSD 5, 6 or 6.2, none available for 7.
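A way to check later that the sysctl values listed in the post are still in effect, as an added example that is not from the original post: a POSIX sh script that compares that list against a saved `sysctl` snapshot or the live kernel. The function names and the sample snapshot are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sysctl values against the hardening list from the post.
WANTED='security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
net.inet.tcp.msl=7500
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.icmp.icmplim=50
kern.ipc.somaxconn=32768'

# lookup NAME [FILE]: print the current value of NAME. With FILE, read a saved
# snapshot ("name: value" as FreeBSD sysctl prints, or "name=value");
# without it, ask the running kernel.
lookup() {
    if [ -n "$2" ]; then
        awk -v k="$1" '{ line = $0; sub(/ *[:=] */, "=", line); i = index(line, "=")
            if (i && substr(line, 1, i - 1) == k) { print substr(line, i + 1); exit }
        }' "$2"
    else
        sysctl -n "$1" 2>/dev/null
    fi
}

# audit [FILE]: one line per setting; exit status is the number of problems.
audit() {
    bad=0
    for pair in $WANTED; do
        name=${pair%%=*} want=${pair#*=}
        have=$(lookup "$name" "$1") || have=""
        if [ -z "$have" ]; then
            echo "MISSING $name (want $want)"; bad=$((bad + 1))
        elif [ "$have" != "$want" ]; then
            echo "DRIFT $name=$have (want $want)"; bad=$((bad + 1))
        else
            echo "OK $name=$have"
        fi
    done
    return "$bad"
}

# Constructed sample, not real output from the host: two drifted values, one absent.
sample_snapshot() {
    printf '%s\n' 'security.bsd.see_other_uids: 0' 'security.bsd.see_other_gids: 1' \
        'net.inet.tcp.msl: 7500' 'net.inet.tcp.blackhole: 2' \
        'net.inet.udp.blackhole: 0' 'net.inet.icmp.icmplim: 50'
}

tmp=$(mktemp) && sample_snapshot > "$tmp"
audit "$tmp" || echo "$? setting(s) differ from the list in the post"
rm -f "$tmp"
```

On the host itself, run `audit` with no argument to query the running kernel; values that should survive a reboot belong in /etc/sysctl.conf.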
After some discussion in ##freebsd I found out there is something that would do the work but it’s still not stable enough; it’s called VIMAGE. VIMAGE looks promising but will be ready maybe in FreeBSD 8; check it out here. The only thing left from the FreeBSD configuration is to set up a firewall. I intend to make a firewall based on “PF” but I have to spend some time reading about PF. Also I’ve upgraded the kernel at home to:

FreeBSD jericho.pcfreak 7.0-PRERELEASE FreeBSD 7.0-PRERELEASE #0: Mon Feb 18 14:12:03 EET 2008 hipo@jericho.pcfreak:/usr/obj/usr/src/sys/GENERIC i386

Apart from the geek stuff, yesterday I went to the fountain with Narf, and today I had a walk in the Central park with Damqncho. Yesterday and today were quiet days, thanks of course to God almighty 🙂 Also Our Heavenly Father gives me peace through our Lord and Saviour Jesus Christ day after day through the Power of the Holy Spirit 🙂 Unfortunately I’m still not very healthy. But I still say: The Lord is my rock, I won’t be in use! Today in the college we had a business meeting on the topic of “A New Product”. I was the Personnel Manager; at the last meeting I was head of sales. After school and going out for a walk I went to my grandma and grandpa Georgi and Dimitrichka; after that I went to see my other grandma, who is such a cool grandma (I love her much). Another piece of good news, even though it’s old news, is that my grandmother decided to give me 150$ more for buying the laptop. The only thing left is to choose the right laptop :). In the USA Thinkpads T series are so cheap, starting from (around 950$); a good model costs something like 1150$, and the same models here cost almost 1800$ pff… To end this post I would say I thank The Lord for giving me quiet and peaceful days and blessing me in my work and in my studies. Hope he will continue to bless me in the future too.