ahahhaha…here is Windows7 ( windows seven ) bill gates make me crazy with his compiz

what i can say is WOW! more faster then VI$TA

localhost# rm -rf neraka/

rm: neraka/var/empty: Operation not permitted

rm: neraka/var: Directory not empty

rm: neraka/: Directory not empty

localhost# ls

.snap   neraka

localhost# chflags -R noschg neraka/

localhost# rm -rf neraka/

localhost# ls

.snap

localhost# /etc/rc.d/jail restart

Stopping jails: db benkyo tomoyo kasumi ayumi.

Configuring jails:.

need to wait for 15minutes demn!!

Huh, wtf! this early morning i got an email from fakap person who has email me. She/He told me to active my account if not they will temporarily closed my account. Who cares? i paid for services! if you also got this email please mark as a spam or just delete

Install FreeBSD 6.4 dalam FreeBSD 7.2-RELEASE yer.(macam install freebsd dalam linux via vmware lah gitu-gitu apek).

Step by step :

Server yang di gunakan dalam contoh ini :

Dalam FreeBSD Master aku

www# uname -a
FreeBSD www.xxx.gov.my 7.2-RELEASE FreeBSD 7.2-RELEASE #1: Thu May 21 18:21:54 MYT 2009 myazhax@www.xxx.gov.my:/usr/obj/usr/src/sys/BENKYO  i386

Lihat layout HD

www# df -ha
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/da0s1a    1.9G    271M    1.5G    15%    /
devfs          1.0K    1.0K      0B   100%    /dev
/dev/da0s1f    8.6G    3.6G    4.3G    45%    /usr
/dev/da0s1d    4.8G     41M    4.4G     1%    /var
/dev/da0s1e     50G      2M     48G     0%    /webserver

Lihat ip aku
www# ifconfig
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
ether 00:13:21:b4:27:f1
inet 192.168.1.111 netmask 0xffffff00 broadcast 192.168.1.255
inet 192.168.1.101 netmask 0xffffffff broadcast 192.168.1.101
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000

Buat jail direktori

www# mkdir jails

www# mkdir /jails/tomoyo

Install ‘jail’

www# sysinstall

Pilih Custom, Select

Pilih ‘2', OK.

Isikan tulisan ini pada bagian ‘Release Name’, OK. ( cth : 6.4-RELEASE )

Di bagian ‘Install Root’ : /jails (nama direktori yang sudah dibuat sebelumnya ni / ). OK

Tekan huruf q untuk keluar.

Berikutnya pilih ‘Distributions’ dan tekan ‘OK’.

Pilih ‘Minimal’, OK.

Pilih ‘Media’, OK. ( guna ftp,select lah mana rasa terdekat aku pilih singapore sebab yg terdekat lagipun nak buat offline pun boleh ini sebab takde CD nak burn hahahaha)

Pilih ‘Commit’ dan OK

Install lah bende ni sampai abis.

Keluar natang tu pilih ‘No’.

Pilih ‘Exit’ dan OK.

Pilih ‘Exit Install’

Tengok lah dalam tu pas habis install

www# ls /jails/

.cshrc bin etc media rescue sys var
.profile boot lib mnt root tmp
COPYRIGHT dev libexec proc sbin usr

Lepas tu

Buka /etc/rc.conf, tambahkan baris ini :

#set ip alias buat jail

ifconfig_bge0_alias1="inet 10.0.0.100 netmask 255.255.255.0"
jail_set_hostname_allow="NO"
jail_enable="YES"
jail_list="db tomoyo web"
jail_interface="bge0"
jail_devfs_enable="YES"
jail_procfs_enable="YES"
jail_mount_enable="NO"
jail_db_rootdir="/jail/db.xxx.gov.my/"
jail_db_hostname="db"
jail_db_ip="10.0.0.100"
jail_db_devfs_ruleset="devfsrules_jail"

ifconfig_bge0_alias1="inet 10.0.0.99 netmask 255.255.255.0"
jail_web_rootdir="/jail/web.xxx.gov.my/"
jail_web_hostname="web"
jail_web_ip="10.0.0.99"
jail_web_devfs_ruleset="devfsrules_jail"

ifconfig_bge0_alias2="inet 10.0.0.88 netmask 255.255.255.0"
jail_tomoyo_rootdir="/jail/tomoyo.xxx.gov.my/"
jail_tomoyo_hostname="tomoyo"
jail_tomoyo_ip="10.0.0.88"
jail_tomoyo_devfs_ruleset="devfsrules_jail"

Pastu kat rc.conf kat dalam jails pulak

www# ee /webserver/jails/etc/rc.conf

taruk bende semua2 ni :

hostname=”server-jails”
ifconfig_em1=”inet 192.168.1.101 netmask 255.255.255.0"
defaultrouter=”192.168.1.1"
rpcbind_enable=”NO”
clear_tmp_enable=”YES”
sendmail_enable=”YES”
sshd_enable=”YES”

Save lah config tadi

Pastu copy resolv.conf

www# cp /etc/resolv.conf /webserver/jails/etc/

Ok masa untuk testing login ke jail (FreebSD 6.4)

Mula jail :

www# /etc/rc.d/jail start
Configuring jails:.
Starting jails: server-jails.

Tengok proses jail tengah run :

%jls
JID  IP Address      Hostname                      Path
3  10.0.0.99       web                           /jail/web.xxx.gov.my
2  10.0.0.88       benkyo                        /jail/benkyo.xxx.gov.my
1  10.0.0.77       db                            /jail/db.xxx.gov.my
%jls -v
JID  Hostname                      Path
Name                          State
CPUSetID
IP Address(es)
3  web                           /jail/web.xxx.gov.my
ALIVE
4
10.0.0.99
2  benkyo                        /jail/benkyo.xxx.gov.my
ALIVE
3
10.0.0.88
1  db                            /jail/db.xxx.gov.my
ALIVE
2
10.0.0.77

Buat password root untuk jails:

www# jexec 1 touch /etc/fstab
www# jexec 1 passwd
Changing local password for root
New Password:
Retype New Password:
ftp#

Buat user baru :

www# jexec 1 adduser
Username: azhax
Full name: azhax dalam jails
Uid (Leave empty for default):
Login group [azhax]: wheel
Login group is wheel. Invite azhax into other groups? []:
Login class [default]:
Shell (sh csh tcsh nologin) [sh]: csh
Home directory [/home/azhax]:
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username : azhax
Password : *****
Full Name : azhax dalam jails
Uid : 1001
Class :
Groups : wheel
Home : /home/azhax
Shell : /bin/csh
Locked : no
OK? (yes/no): yes
adduser: INFO: Successfully added (azhax) to the user database.
Add another user? (yes/no): no
Goodbye!
Login ke sistem :

www# jexec 1 login
llogin: azhax
Password:
Last login: Tue Jul 8 04:09:50 on ttyp0
Copyright (c) 1992-2008 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.

FreeBSD 7.0-RELEASE (BENKYO) #1: Mon Mar 31 08:52:19 WIT 2009

Welcome to FreeBSD!

Before seeking technical support, please use the following resources:

o Security advisories and updated errata information for all releases are
at http://www.FreeBSD.org/releases/ - always consult the ERRATA section
for your release first as it’s updated frequently.

o The Handbook and FAQ documents are at http://www.FreeBSD.org/ and,
along with the mailing lists, can be searched by going to
http://www.FreeBSD.org/search/. If the doc distribution has
been installed, they’re also available formatted in /usr/share/doc.

If you still have a question or problem, please take the output of
`uname -a’, along with any relevant error messages, and email it
as a question to the questions@FreeBSD.org mailing list. If you are
unfamiliar with FreeBSD’s directory layout, please refer to the hier(7)
manual page. If you are not familiar with manual pages, type `man man’.

You may also use sysinstall(8) to re-enter the installation and
configuration utility. Edit /etc/motd to change this login announcement.

%su
Password:
mailserver# echo ‘Jail Server’ > /etc/motd

Ubah akses ssh untuk remote akses :

www# /etc/rc.d/sshd stop
Stopping sshd.
server-jails# ee /etc/ssh/sshd_config

ubah bagian Listen Address nya, ex :

#Port 22
#Protocol 2
#AddressFamily any
ListenAddress 192.168.1.111
#ListenAddress ::

simpan filenya dan restart ssh nya.

/etc/rc.d/sshd start

Test ssh dari windows/host lain untuk memastikan ssh server jail dah jalan sepenuhnya :

Login dengan user yang di buat di server jail tadi, user : azhax, password : manaakutau

Done.

Ping from inside the jail

Under normal circumstances, jails do not allow ping to run. To allow this temporarily (!!!) set the kernel to allow ping in jail via sysctl() :

sysctl security.jail.allow_raw_sockets=1

part 1 at http://blog.myazhax.net/2007/08/eh/

Oh yeah, boley gi shopping free

ref : http://kerneltrap.org/mailarchive/freebsd-bugs/2007/10/27/362534

www# cat /var/log/messages
May 25 21:19:31 www root: /etc/rc: WARNING: /webserver/jails/home/dev has symlink as parent - not starting jail webserver

what happen? that was because

www# cat /etc/rc.conf |grep root
jail_webserver_rootdir="/webserver/jails/home/" #this directory wrong
www#

www# cd /webserver/jails/
www# ls
.cshrc          boot            lib             proc            sys
.profile        dev             libexec         rescue          tmp
COPYRIGHT       etc             media           root            usr
bin             home            mnt             sbin            var
www#

change it to

jail_webserver_rootdir="/webserver/jails/"

Congratulate to Theo de Raadt,current release openbsd 4.5 on today 1 may 2009

The Linux Operating System like Ubuntu, Debian, Redhat, Fedora, Mandrake, SuSE, Mandriva, Slackware, Gentoo and linux flavour is not supported by kingston but their support LINUS

Denying access in httpd.conf

myazhax# ee /usr/local/etc/apache22/httpd.conf

< Directory “/usr/local/www/administrator/” >

Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order deny,allow
< /Directory >
“/usr/local/etc/apache22/httpd.conf” 512 lines, 17779 characters
myazhax# apachectl graceful

[Wed Apr 22 18:24:18 2009] [warn] module php5_module is already loaded, skipping

Creating an .htaccess file

myazhax#touch .htaccess

myazhax#ee .htaccess

AuthName “Kandang MyAzhax”
AuthType Basic
AuthUserFile /usr/local/www/administrator/.mypassfile
Require valid-user

Generating the password file

myazhax#htpasswd -c /usr/local/www/adminstrator/.mypassfile myazhax
New password:
Re-type new password:
Adding password for user myazhax

# htpasswd .mypassfile azhax
New password:
Re-type new password:
Adding password for user azhax

Try login; if it wrong the page will appear 401 Authorization Required

Authorization Required

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn’t understand how to supply the credentials required.