FreeBSD 7 Installation and setup for tightened
security / Multiple IPs in Jail problems
In Saturday I went to Bergon. To help with the install and
configuration of a FreeBSD 7 system to Static and Kiril(e.g.
Arkadietz). The install went smoothly. Then I csupped following the
handbook canonical way for rebuild world and kernel and stuff. Also
I get to know personally the Bergon's ISP owner and administrator
Drago btw he looks like really good man. We spoke about the GDBOP
actions when some times ago GDBOP agents break into a server room
next to the office and took Bergon's storage servers for users
http://free-zone.cc (An FTP for Users). He said the GDBOP IT
specialists doesn't know even elementary unix commands like "df"
and "du" and he had to tell them what to type. We walked through
the server's room. He had some interesting servers I also observed
the fiber optics and stuff. After setupping the newly installed
server to the server room. We went to the place "Seasons" and we
drinked "Stolichno Tymno" and we ate Pizza on drago's account. The
idea of this FreeBSD installation was to make the machine
hera.bergon.net a freeshell machine for local Bergon users as
secure as possible. To achieve that I have set this sysctl
settings: security.bsd.see_other_uids=0
security.bsd.see_other_gids=0 net.inet.tcp.msl=7500
net.inet.tcp.blackhole=2 net.inet.udp.blackhole=1
net.inet.icmp.icmplim=50 kern.ipc.somaxconn=32768 Also I have
installed
AIDA
. Also I have setupped jail with the idea to add the users into
jail unfortunately. After running the jail I experienced problems
with setupping multiple ips into the jail so I asked for help in
##freebsd in freenode it turned out that by default FreeBSD jail
doesn't support virtual IPs but there is a patch to enable that
unfortunately the patch is for still for FreeBSD 5,6 or 6.2 none
available for 7. After some discussion in ##freebsd I found out
there is something that would do the work but it's not still stable
enough it's called VIMAGE, VIMAGE looks promising but will be ready
maybe in FreeBSD 8 check it out
here . The only think which
left from the FreeBSD configuration is to setup firewall I intend
to make a firewall based on "PF" but I have to spend some time
reading for PF. Also I've upgraded the kernel at home to: FreeBSD
jericho.pcfreak 7.0-PRERELEASE FreeBSD 7.0-PRERELEASE #0: Mon Feb
18 14:12:03 EET 2008
hipo@jericho.pcfreak:/usr/obj/usr/src/sys/GENERIC i386 Apart from
the geek stuff, yesterday I was to the fountain with Narf, today I
had a walk in the Central park with Damqncho. Yesterday and today
were quiet days thanks ofcourse to God almighty
Also Our
Heavenly Father gives me peace through our Lord and Saviour Jesus
Christ day after day through the Power of the Holy spirit
Unfortunately
still I'm not too much of a healthy. But I still say The Lord is my
rock I won't be in use! Today in the college we had a business
Meeting on the topic of "A New Product" I was the Personnel
Manager, the last time meeting I was a head of sales. After school
and going out for a walk I went to my grandma and grandpa Georgi
and Dimitrichka, after that I went to see my other grandma which is
so a cool grandma (I love her much). Another good news even though
they're old ones are that my grandmother decided to give me 150$
more for buying the laptop. The only thing left is to choose the
right laptop :). In USA thinkpads T series are so cheap starting
from (around 950$), a good model costs something like 1150$ the
same models here cost almost 1800$ pff... To end this post I would
say I thank The Lord for giving me quiteful and peaceful days and
blessing me in my work and in my studies. Hope he will continue to
bless me in the future too.