Setting up FreeBSD 10.3 Jails

-
Just some rough working notes on setting up FreeBSD 10.3 jails in 2016. I've done this from a fresh install from a virtual image on the FreeBSD downloads page- so literally from an empty, bare minimum base image.

I noted that older documentation seems to leave out key details, is incompatible with current builds, etc. Thought it would be worth documenting what I did in order to get jails working nicely, in case someone else finds it of use.

Get the base of ezJail set up, as advised by the FreeBSD documentation:
echo 'cloned_interfaces="lo1"' >> /etc/rc.conf  
echo 'ezjail_enable="YES"' >> /etc/rc.conf 
pkg boostrap 
pkg install ezjail
Set up /usr/ports so we have something to base our jails off, and then create the base jail (this will implicitly do a make installworld). This will take fucking ages. Maybe chain the commands together (using ';') and grab a coffee or 7.
svn checkout https://svn.FreeBSD.org/base/stable/10 /usr/src 
cd /usr/src 
make buildworld 
ezjail-admin update -i -p
Now we can restart the box, have ezjail start up for us & be ready to use:
ezjail-admin create dnsjail 'lo1|127.0.1.1'
ezjail-admin start dnsjail
ezjail-admin console dnsjail
And there's your jail :)

Comments

Post a Comment

Popular posts from this blog

2020 Hack-A-Sat DEFCON Space Security Challenge CTF Qualifiers 2020 - Part 1

-
Image
Preface This year the US Air Force teamed up with DoD's Digital Service and DEFCON's Aerospace village to build a CTF - the first of it's kind - to hack satellites. I joined with some colleagues and their CTF team to get our numbers around half a dozen. We missed the top ten by ~50 points, which was disappointing, but shows the quality of the teams we were up against and that the tournament attracted. Since joining a Bay Area tech company, I haven't found much time or mental space for CTFs or bug bounties. But aerospace has a special place in my heart, and with numerous commercial launch companies massively driving down the costs to get satellites up, understanding the frameworks, communication protocols, physics, tools, history etc. is going to be super important. Before I get to the goods, a hat tip to the USAF & DoD for getting behind this. Satellites are going to become increasingly important in our day-to-day lives, and investing in bringing the security commun
Read more

Man-in-the-middling SSL / TLS on Windows

-
"Is there a lock in the URL bar?" Funny how the proliferation of commercial CA's led to this question to become the hallmark of Internet security circa 2001. I'll keep that rant for another day. Thumbs up to EFF and Mozilla for finally doing something about it . When debugging issues with network connections or reverse engineering products, you might find the need to take the gloves off and find out exactly what an application is doing on the wire. You'll need a man in the middle. ( instantcsi ) Providing the application you're targeting uses a web protocol, you'll be in with some luck- there are heaps of web debugging proxies and tools you can use on any platforms. If you have physical access to the network (i.e. a non-corporate environment), or you have a Linux machine on the network that IT security approve of- the conversation effectively ends here: Use MITMproxy . Unfortunately I don't have either physical access or a Linux machine o
Read more

2021 Hack-A-Sat DEFCON Space Security Challenge CTF Qualifiers Writeup - Linky

-
Image
Linky was an RF math problem, introducing the link-budget algorithm and getting contestants to calculate missing parameters for the operation of the radio link. Years have passed since our satellite was designed, and the Systems Engineers didn't do a great job with the documentation. Partial information was left behind in the user documentation and we don't know what power level we should configure the Telemetry transmitter to ensure we have 10 dB of Eb/No margin over the minimum required for BER (4.4 dB) . Upon connecting to the target port and presenting token, you're presented with a TUI of sorts: _ _ _ | | (_)_ __ | | ___ _ | | | | '_ \| |/ / | | | | |___| | | | | <| |_| | |_____|_|_| |_|_|\_\\__, | |___/ .-. (;;;) \_| \ _.--l--._ . \ | `. .` `.\ | .` `. .` `\ | .` `. / __ \.|.` __ \/ | ''--._ \V _.--'' | | _ (") _ |
Read more