localhost# /etc/rc.d/jail restart

Stopping jails: db benkyo tomoyo kasumi ayumi.

Configuring jails:.

need to wait for 15minutes demn!!

Install FreeBSD 6.4 dalam FreeBSD 7.2-RELEASE yer.(macam install freebsd dalam linux via vmware lah gitu-gitu apek).

Step by step :

Server yang di gunakan dalam contoh ini :

Dalam FreeBSD Master aku

www# uname -a
FreeBSD www.xxx.gov.my 7.2-RELEASE FreeBSD 7.2-RELEASE #1: Thu May 21 18:21:54 MYT 2009 myazhax@www.xxx.gov.my:/usr/obj/usr/src/sys/BENKYO  i386

Lihat layout HD

www# df -ha
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/da0s1a    1.9G    271M    1.5G    15%    /
devfs          1.0K    1.0K      0B   100%    /dev
/dev/da0s1f    8.6G    3.6G    4.3G    45%    /usr
/dev/da0s1d    4.8G     41M    4.4G     1%    /var
/dev/da0s1e     50G      2M     48G     0%    /webserver

Lihat ip aku
www# ifconfig
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
ether 00:13:21:b4:27:f1
inet 192.168.1.111 netmask 0xffffff00 broadcast 192.168.1.255
inet 192.168.1.101 netmask 0xffffffff broadcast 192.168.1.101
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000

Buat jail direktori

www# mkdir jails

www# mkdir /jails/tomoyo

Install ‘jail’

www# sysinstall

Pilih Custom, Select

Pilih ‘2', OK.

Isikan tulisan ini pada bagian ‘Release Name’, OK. ( cth : 6.4-RELEASE )

Di bagian ‘Install Root’ : /jails (nama direktori yang sudah dibuat sebelumnya ni / ). OK

Tekan huruf q untuk keluar.

Berikutnya pilih ‘Distributions’ dan tekan ‘OK’.

Pilih ‘Minimal’, OK.

Pilih ‘Media’, OK. ( guna ftp,select lah mana rasa terdekat aku pilih singapore sebab yg terdekat lagipun nak buat offline pun boleh ini sebab takde CD nak burn hahahaha)

Pilih ‘Commit’ dan OK

Install lah bende ni sampai abis.

Keluar natang tu pilih ‘No’.

Pilih ‘Exit’ dan OK.

Pilih ‘Exit Install’

Tengok lah dalam tu pas habis install

www# ls /jails/

.cshrc bin etc media rescue sys var
.profile boot lib mnt root tmp
COPYRIGHT dev libexec proc sbin usr

Lepas tu

Buka /etc/rc.conf, tambahkan baris ini :

#set ip alias buat jail

ifconfig_bge0_alias1="inet 10.0.0.100 netmask 255.255.255.0"
jail_set_hostname_allow="NO"
jail_enable="YES"
jail_list="db tomoyo web"
jail_interface="bge0"
jail_devfs_enable="YES"
jail_procfs_enable="YES"
jail_mount_enable="NO"
jail_db_rootdir="/jail/db.xxx.gov.my/"
jail_db_hostname="db"
jail_db_ip="10.0.0.100"
jail_db_devfs_ruleset="devfsrules_jail"

ifconfig_bge0_alias1="inet 10.0.0.99 netmask 255.255.255.0"
jail_web_rootdir="/jail/web.xxx.gov.my/"
jail_web_hostname="web"
jail_web_ip="10.0.0.99"
jail_web_devfs_ruleset="devfsrules_jail"

ifconfig_bge0_alias2="inet 10.0.0.88 netmask 255.255.255.0"
jail_tomoyo_rootdir="/jail/tomoyo.xxx.gov.my/"
jail_tomoyo_hostname="tomoyo"
jail_tomoyo_ip="10.0.0.88"
jail_tomoyo_devfs_ruleset="devfsrules_jail"

Pastu kat rc.conf kat dalam jails pulak

www# ee /webserver/jails/etc/rc.conf

taruk bende semua2 ni :

hostname=”server-jails”
ifconfig_em1=”inet 192.168.1.101 netmask 255.255.255.0"
defaultrouter=”192.168.1.1"
rpcbind_enable=”NO”
clear_tmp_enable=”YES”
sendmail_enable=”YES”
sshd_enable=”YES”

Save lah config tadi

Pastu copy resolv.conf

www# cp /etc/resolv.conf /webserver/jails/etc/

Ok masa untuk testing login ke jail (FreebSD 6.4)

Mula jail :

www# /etc/rc.d/jail start
Configuring jails:.
Starting jails: server-jails.

Tengok proses jail tengah run :

%jls
JID  IP Address      Hostname                      Path
3  10.0.0.99       web                           /jail/web.xxx.gov.my
2  10.0.0.88       benkyo                        /jail/benkyo.xxx.gov.my
1  10.0.0.77       db                            /jail/db.xxx.gov.my
%jls -v
JID  Hostname                      Path
Name                          State
CPUSetID
IP Address(es)
3  web                           /jail/web.xxx.gov.my
ALIVE
4
10.0.0.99
2  benkyo                        /jail/benkyo.xxx.gov.my
ALIVE
3
10.0.0.88
1  db                            /jail/db.xxx.gov.my
ALIVE
2
10.0.0.77

Buat password root untuk jails:

www# jexec 1 touch /etc/fstab
www# jexec 1 passwd
Changing local password for root
New Password:
Retype New Password:
ftp#

Buat user baru :

www# jexec 1 adduser
Username: azhax
Full name: azhax dalam jails
Uid (Leave empty for default):
Login group [azhax]: wheel
Login group is wheel. Invite azhax into other groups? []:
Login class [default]:
Shell (sh csh tcsh nologin) [sh]: csh
Home directory [/home/azhax]:
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username : azhax
Password : *****
Full Name : azhax dalam jails
Uid : 1001
Class :
Groups : wheel
Home : /home/azhax
Shell : /bin/csh
Locked : no
OK? (yes/no): yes
adduser: INFO: Successfully added (azhax) to the user database.
Add another user? (yes/no): no
Goodbye!
Login ke sistem :

www# jexec 1 login
llogin: azhax
Password:
Last login: Tue Jul 8 04:09:50 on ttyp0
Copyright (c) 1992-2008 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.

FreeBSD 7.0-RELEASE (BENKYO) #1: Mon Mar 31 08:52:19 WIT 2009

Welcome to FreeBSD!

Before seeking technical support, please use the following resources:

o Security advisories and updated errata information for all releases are
at http://www.FreeBSD.org/releases/ - always consult the ERRATA section
for your release first as it’s updated frequently.

o The Handbook and FAQ documents are at http://www.FreeBSD.org/ and,
along with the mailing lists, can be searched by going to
http://www.FreeBSD.org/search/. If the doc distribution has
been installed, they’re also available formatted in /usr/share/doc.

If you still have a question or problem, please take the output of
`uname -a’, along with any relevant error messages, and email it
as a question to the questions@FreeBSD.org mailing list. If you are
unfamiliar with FreeBSD’s directory layout, please refer to the hier(7)
manual page. If you are not familiar with manual pages, type `man man’.

You may also use sysinstall(8) to re-enter the installation and
configuration utility. Edit /etc/motd to change this login announcement.

%su
Password:
mailserver# echo ‘Jail Server’ > /etc/motd

Ubah akses ssh untuk remote akses :

www# /etc/rc.d/sshd stop
Stopping sshd.
server-jails# ee /etc/ssh/sshd_config

ubah bagian Listen Address nya, ex :

#Port 22
#Protocol 2
#AddressFamily any
ListenAddress 192.168.1.111
#ListenAddress ::

simpan filenya dan restart ssh nya.

/etc/rc.d/sshd start

Test ssh dari windows/host lain untuk memastikan ssh server jail dah jalan sepenuhnya :

Login dengan user yang di buat di server jail tadi, user : azhax, password : manaakutau

Done.

Ping from inside the jail

Under normal circumstances, jails do not allow ping to run. To allow this temporarily (!!!) set the kernel to allow ping in jail via sysctl() :

sysctl security.jail.allow_raw_sockets=1

ref : http://kerneltrap.org/mailarchive/freebsd-bugs/2007/10/27/362534

www# cat /var/log/messages
May 25 21:19:31 www root: /etc/rc: WARNING: /webserver/jails/home/dev has symlink as parent - not starting jail webserver

what happen? that was because

www# cat /etc/rc.conf |grep root
jail_webserver_rootdir="/webserver/jails/home/" #this directory wrong
www#

www# cd /webserver/jails/
www# ls
.cshrc          boot            lib             proc            sys
.profile        dev             libexec         rescue          tmp
COPYRIGHT       etc             media           root            usr
bin             home            mnt             sbin            var
www#

change it to

jail_webserver_rootdir="/webserver/jails/"

worried with your firewall not good enough? just for safety patch your system but if you using BSD os otherwise www.google by your ownself >:)

ftp://ftp.openbsd.org/pub/OpenBSD/patches/

ftp://ftp.netbsd.org/pub/NetBSD/security/patches/

http://www.freebsd.org/security/advisories.html

How do I fix this error?

freebsd# apachectl restart
[Thu Feb 19 06:38:47 2009] [warn] module php5_module is already loaded, skipping
httpd not running, trying to start
[Thu Feb 19 06:38:47 2009] [warn] (2)No such file or directory: Failed to enable the 'httpready' Accept Filter
freebsd# kldload accf_http
freebsd# apachectl restart
[Thu Feb 19 06:40:50 2009] [warn] module php5_module is already loaded, skipping
freebsd# echo 'accf_http_load="YES"' >> /boot/loader.conf
freebsd# uname -a
FreeBSD freebsd.xxx.gov.my 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008     root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
freebsd#
freebsd# php -v
PHP 5.2.8 with Suhosin-Patch 0.9.6.3 (cli) (built: Feb 19 2009 06:24:58)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies

Below when you see # it means from the unix shell. When you see mysql> it means from a MySQL prompt after logging into MySQL.

To login (from unix shell) use -h only if needed.
# [mysql dir]/bin/mysql -h hostname -u root -p

Create a database on the sql server.
mysql> create database [databasename];

List all databases on the sql server.
mysql> show databases;

Switch to a database.
mysql> use [db name];

To see all the tables in the db.
mysql> show tables;

To see database’s field formats.
mysql> describe [table name];

To delete a db.
mysql> drop database [database name];

To delete a table.
mysql> drop table [table name];

Show all data in a table.
mysql> SELECT * FROM [table name];

Returns the columns and column information pertaining to the designated table.
mysql> show columns from [table name];

Show certain selected rows with the value “whatever”.
mysql> SELECT * FROM [table name] WHERE [field name] = “whatever”;

Show all records containing the name “Bob” AND the phone number ‘3444444′.
mysql> SELECT * FROM [table name] WHERE name = “Bob” AND phone_number = ‘3444444′;

Show all records not containing the name “Bob” AND the phone number ‘3444444′ order by the phone_number field.
mysql> SELECT * FROM [table name] WHERE name != “Bob” AND phone_number = ‘3444444′ order by phone_number;

Show all records starting with the letters ‘bob’ AND the phone number ‘3444444′.
mysql> SELECT * FROM [table name] WHERE name like “Bob%” AND phone_number = ‘3444444′;

Show all records starting with the letters ‘bob’ AND the phone number ‘3444444′ limit to records 1 through 5.
mysql> SELECT * FROM [table name] WHERE name like “Bob%” AND phone_number = ‘3444444′ limit 1,5;

Use a regular expression to find records. Use “REGEXP BINARY” to force case-sensitivity. This finds any record beginning with a.
mysql> SELECT * FROM [table name] WHERE rec RLIKE “^a”;

Show unique records.
mysql> SELECT DISTINCT [column name] FROM [table name];

Show selected records sorted in an ascending (asc) or descending (desc).
mysql> SELECT [col1],[col2] FROM [table name] ORDER BY [col2] DESC;

Return number of rows.
mysql> SELECT COUNT(*) FROM [table name];

Sum column.
mysql> SELECT SUM(*) FROM [table name];

Join tables on common columns.
mysql> select lookup.illustrationid, lookup.personid,person.birthday from lookup left join person on lookup.personid=person.personid=statement to join birthday in person table with primary illustration id;

Creating a new user. Login as root. Switch to the MySQL db. Make the user. Update privs.
# mysql -u root -p

mysql> use mysql;
mysql> INSERT INTO user (Host,User,Password) VALUES(’%',’username’,PASSWORD(’password’));
mysql> flush privileges;

Change a users password from unix shell.
# [mysql dir]/bin/mysqladmin -u username -h hostname.blah.org -p password ‘new-password’

Change a users password from MySQL prompt. Login as root. Set the password. Update privs.
# mysql -u root -p
mysql> SET PASSWORD FOR ‘user’@'hostname’ = PASSWORD(’passwordhere’);
mysql> flush privileges;

Recover a MySQL root password. Stop the MySQL server process. Start again with no grant tables. Login to MySQL as root. Set new password. Exit MySQL and restart MySQL server.
# /etc/init.d/mysql stop
# mysqld_safe –skip-grant-tables &
# mysql -u root
mysql> use mysql;
mysql> update user set password=PASSWORD(”newrootpassword”) where User=’root’;
mysql> flush privileges;
mysql> quit
# /etc/init.d/mysql stop
# /etc/init.d/mysql start

Set a root password if there is on root password.
# mysqladmin -u root password newpassword

Update a root password.
# mysqladmin -u root -p oldpassword newpassword

Allow the user “bob” to connect to the server from localhost using the password “passwd”. Login as root. Switch to the MySQL db. Give privs. Update privs.
# mysql -u root -p
mysql> use mysql;
mysql> grant usage on *.* to bob@localhost identified by ‘passwd’;
mysql> flush privileges;

Give user privilages for a db. Login as root. Switch to the MySQL db. Grant privs. Update privs.
# mysql -u root -p
mysql> use mysql;
mysql> INSERT INTO user (Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv) VALUES (’%',’databasename’,'username’,'Y’,'Y’,'Y’,'Y’,'Y’,'N’);
mysql> flush privileges;

or

mysql> grant all privileges on databasename.* to username@localhost;
mysql> flush privileges;

To update info already in a table.
mysql> UPDATE [table name] SET Select_priv = ‘Y’,Insert_priv = ‘Y’,Update_priv = ‘Y’ where [field name] = ‘user’;

Delete a row(s) from a table.
mysql> DELETE from [table name] where [field name] = ‘whatever’;

Update database permissions/privilages.
mysql> flush privileges;

Delete a column.
mysql> alter table [table name] drop column [column name];

Add a new column to db.
mysql> alter table [table name] add column [new column name] varchar (20);

Change column name.
mysql> alter table [table name] change [old column name] [new column name] varchar (50);

Make a unique column so you get no dupes.
mysql> alter table [table name] add unique ([column name]);

Make a column bigger.
mysql> alter table [table name] modify [column name] VARCHAR(3);

Delete unique from table.
mysql> alter table [table name] drop index [colmn name];

Load a CSV file into a table.
mysql> LOAD DATA INFILE ‘/tmp/filename.csv’ replace INTO TABLE [table name] FIELDS TERMINATED BY ‘,’ LINES TERMINATED BY ‘\n’ (field1,field2,field3);

Dump all databases for backup. Backup file is sql commands to recreate all db’s.
# [mysql dir]/bin/mysqldump -u root -ppassword –opt >/tmp/alldatabases.sql

Dump one database for backup.
# [mysql dir]/bin/mysqldump -u username -ppassword –databases databasename >/tmp/databasename.sql

Dump a table from a database.
# [mysql dir]/bin/mysqldump -c -u username -ppassword databasename tablename > /tmp/databasename.tablename.sql

Restore database (or database table) from backup.
# [mysql dir]/bin/mysql -u username -ppassword databasename < /tmp/databasename.sql

Create Table Example 1.
mysql> CREATE TABLE [table name] (firstname VARCHAR(20), middleinitial VARCHAR(3), lastname VARCHAR(35),suffix VARCHAR(3),officeid VARCHAR(10),userid VARCHAR(15),username VARCHAR(8),email VARCHAR(35),phone VARCHAR(25), groups VARCHAR(15),datestamp DATE,timestamp time,pgpemail VARCHAR(255));

Create Table Example 2.
mysql> create table [table name] (personid int(50) not null auto_increment primary key,firstname varchar(35),middlename varchar(50),lastnamevarchar(50) default ‘bato’);

Untangle. pernah denga tak. aa nie aku nak cerita satu sofware ‘PERCUMA” untuk solution kepada korang punya firewall, spam dan banyak lagi. Pertama kali aku tau pasal benda alah nie bila kawan aku Hafiz ‘Maybank’ suruh aku tengok. Aku saj nak try tengok, so aku download laa kat laptop aku. pastu aku run..tap-tup, tap-tup tiba2 ramai yang call pasal tak leh masuk internet..apa lagi aku cabut laa network aku.. baru boleh..hehehehehehehehehehehe..
kalau korang nak cuba, pie hisap kat logo tu…

perampok dari i2n9

myazhax# su
myazhax# adduser
Username: ftp
Full name: Anonymous FTP
user  Uid (Leave empty for default):
Logingroup [ftp]:  Login group is ftp. Invite ftp into other groups? []:
Login class [default]:
Shell (sh csh tcsh bash rbash zsh nologin) [sh]: nologin
Home directory [/home/ftp]: /where/your/ftp
Use password-based authentication? [yes]: no
Lock out the account after creation? [no]: no
Username   : ftp
Password   :
Full Name  : Anonymous FTP
user  Uid        : 1004  Class      :  Groups     : ftp
Home       : /where/your/ftp
Shell      : /usr/sbin/nologin  Locked     : no
OK? (yes/no): yes
adduser: INFO: Successfully added (ftp) to the user database.
Add another user? (yes/no): no
Goodbye!
myazhax # mkdir -p /where/your/ftp/pub
myazhax# chown ftp:ftp /where/your/ftp/pub
myazhax# ee /etc/inetd.conf

edit line

ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l -S -A -r
myazhax# ee /etc/rc.conf

edit file, then put

inetd_enable="YES"
myazhax # /ect/rc.d/inetd start

Pastu try to login

Good morning

Here’s my some of screen shoot of my lappy, this machine work very good until i not shutdown it in almost 3 day’s..

i’m repeat I NOT SHUTDOWN my laptop in 3 DAY’S!!!

So, what i want to show is both of the picture at above is my tomoyo desktop was created by SkyWizard and this triple picture as below was my latest screen shoot (gnome) and that is for temporary used.