Re: iocage$B$N(BIP$B$N5sF0(B

Reply: MATSUMOTO Masayoshi : "Re: iocage$B$N(BIP$B$N5sF0(B"
In reply to: MATSUMOTO Masayoshi : "iocage$B$N(BIP$B$N5sF0(B"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Yoshihiro Hanahara <hanahara_at_meiko.co.jp>
Date: Thu, 15 Sep 2022 02:38:51 UTC
$B2V86$G$9!#(B

Jail$B$rDs6!$7$F$$$k%[%9%H4D6-$r(B $B!V(Bjailer$B!W!"(B
$B$=$N%[%9%H$K9=C[$7$?(Bjail$B4D6-$r(B $B!V(Bprisoner$B!W$H8F$V$H$7$F!"(B

jailer$B$N4D6-$G!"(Bsshd $B$N@_Dj%U%!%$%k!V(B/etc/ssh/sshd_config$B!W$G!"(B
$B!V(BListenAddress$B!W$N@_Dj$r$7$F$$$J$$$N$G$O$J$$$G$7$g$&$+(B?
$B$D$^$j!"0J2<$N%3%a%s%H%"%&%H$5$l$?$^$^$G$O$J$$$G$9$+(B?

    #ListenAddress 0.0.0.0
    #ListenAddress ::

$B$3$N>uBV$@$H!"(Bjailer$B$N(Bsshd $B$O!"$9$Y$F$N%M%C%H%o!<%/%$%s%?!<%U%'%$%9$K%P(B
$B%$%s%I$7$^$9!#(B

    # sockstat -4 | grep sshd

$B$H$9$k$H!"(B

    ....
    root     sshd       1365  4  tcp4   *:22                 *:*

$B$H$$$&$h$&$J9T$,$_$D$+$k$N$G$O$J$$$G$7$g$&$+(B?
$B$3$l$O!"(BPID 1365$B$N(Bsshd$B$,(B $BA4$F$N(BIP$B%"%I%l%9(B:22$B%]!<%H(B $B$G(B $B@\B3BT$A$7$F$$$k$H(B
$B$$$&$3$H$G$9!#(B

$B2r7h:v$O!"(Bjailer $BB&$N(B sshd_config$B$G(B

    ListenAddress   192.168.xxx.aaa

$B$H$7$F!"@\B3BT$A(BIP$B%"%I%l%9$r;XDj$7$^$9!#(B
(prisoner$BB&$O!"(B192.168.xxx.bbb $B$N%M%C%H%o!<%/%$%s%?!<%U%'!<%9$7$+8+$($F(B
$B$J$$$@$m$&$+$i!"$^$";XDj$7$J$/$F$bFC$KLdBj$O$J$5$=$&$J5$$,$9$k(B...)

$B0J2<$N(BURL$B$b;29M$K$J$k$H;W$$$^$9!#(B

    FreeBSD - Jail$B$O2>A[2=$G$O$J$/H>2>A[2=$H8F$V$Y$-$G$O$J$$$+(B
    https://dankogai.livedoor.blog/archives/51916648.html

$B$^$"!"(BJail$B;H$$$@$7$?:"$N$"$k$"$k%M%?$J$s$@$H;W$$$^$9!#(B


PS.
$B$$$^$@$K(B ezjail$B;H$C$F$k$1$I!"(Biocage $B$NJ}$,$$$$$+$J$!!#(B

qjail$B$O!"(BVIMAGE$B$D$+$&$N$K;n$7$K$D$+$C$F$_$?$0$i$$!#(B
MTU$B$rJQ99$7$F$?$i!"$J$s$+$&$^$/F0$+$J$/$F!"%Q%C%A$$$l$kI,MW$,M-$C$?$j$7(B
$B$?5-21$,$"$k(B...$B!#(B


On Thu, 15 Sep 2022 06:11:09 +0900
MATSUMOTO Masayoshi <masa-ml@matsu-ho.jp> wrote:

> $B>>K\$H?=$7$^$9(B
> 
> $B=i$a$F(Biocage$B$rF3F~$7$F$_$F!"$"$l$C$H;W$C$?5sF0$,$"$C$?$N$G(B
> 
> $B%[%9%H$N(BIP$B$,(B192.168.xxx.aaa$B$G(B
> #iocage activate zpool
> #iocage create -r 13.1-RELEASE -n hogehoge
> #iocage set ip4_addr="re0|192.168.xxx.bbb/24" hogehoge
> $B$H$7$F!"(Bhogehoge$B$K$$$m$$$mF~$l$?$"$H(B
> $B30It$+$i(B192.168.xxx.bbb$B$K(Bnmap$B$+$1$F$_$?$N$G$9$,!"(B
> 22/tcp$B$,6u$$$F$$$k$h$&$G$7$?!#(Bjail$BFb$G(Bssh$B$OM-8z$K$7$F$J$$$N$G$9$,!#(B
> 
> $B$G!"JL(BPC$B$+$i<B:]$KC!$$$F$_$k$H!"(B
> >ssh fugafuga@192.168.xxx.bbb   
> Password for$B$J$s$A$c$i$G=P$F$/$k%[%9%HL>$b(BJAIL$B30$NL>A0$G!"(Bfugafuga$B$O%[%9%HB&$N$_$N(BID
> jail$B30$N4D6-$K%m%0%$%s$G$-$A$c$$$^$7$?!#$J$s$8$c$3$l!)(B
> 
> $B$"$H!"(Biocage$BFb$G(Bspamassassin-3.4.6$B!"@53N$K$O2<5-%5%$%HDL$j$K$G$C$A>e$2$?(B
> ja-spamassassin-3.4.6$B$N5sF0$b(Biocage$B30$H0c$C$F$$$^$7$?!#(B
> https://qiita.com/false-git@github/items/0dbe59922a391e547ca5
> 
> $B$=$N$^$^$@$H(Bspamc$B;HMQ;~$K(B/var/log/maillog$B$K(B
> mail spamd[xxxxx]: spamd: unauthorized connection from 192.168.xxx.bbb [192.168.xxx.bbb]:xxxxx to port 783, fd 5 at /usr/local/bin/spamd line 1627.
> mail spamd[xxxxx]: prefork: child states: II
> $B$,$G$F%a!<%k$,AGDL$7$G$9!#$3$l$K4X$7$F$O(B/etc/rc.conf$B$G(B
> spamd_flags="-A 192.168.xxx.bbb"
> $B$rIU$12C$($k$3$H$G2r7h$7$^$9$,!"NY$G$O(Biocage$B30!"(Bspamd_flags$BL5$7$GF0$$$F$k%5!<%P$,$"$k$s$G$9$h$M!#(B
> 
> $B>>K\!!>-59(B

-- 
Yoshihiro Hanahara <hanahara@meiko.co.jp>