The mandatory access control model in FreeBSD

Introduction

To give a server an additional layer of security, you can use the mandatory access control model. This article describes how to run Apache in a jail with access only to those components that Apache and PHP need in order to work correctly. Using the same principle, you can confine not only Apache but any other stack.

Preparation

This method works with the UFS file system; in this example ZFS is used on the host system and UFS in the jail, respectively. The first step is to rebuild the kernel, so when installing FreeBSD, install the source code as well.
Once the system is installed, edit the file:

/usr/src/sys/amd64/conf/GENERIC

You only need to add one line to this file:

options     MAC_MLS

The mls/high label dominates the mls/low label: applications started with the mls/low label will not be able to access files that carry the mls/high label. More detail on all the labels available in FreeBSD can be found in this guide.
Next, go to the /usr/src directory:

cd /usr/src

To start building the kernel, run (with the -j flag, specify the number of cores in the system):

make -j 4 buildkernel KERNCONF=GENERIC

Once the kernel has been compiled, it must be installed:

make installkernel KERNCONF=GENERIC

After installing the kernel, do not rush to reboot the system, because users must first be moved to a login class that has been configured beforehand. Edit /etc/login.conf; in this file, edit the default login class so that it looks like this:

default:
        :passwd_format=sha512:
        :copyright=/etc/COPYRIGHT:
        :welcome=/etc/motd:
        :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:
        :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin ~/bin:
        :nologin=/var/run/nologin:
        :cputime=unlimited:
        :datasize=unlimited:
        :stacksize=unlimited:
        :memorylocked=64K:
        :memoryuse=unlimited:
        :filesize=unlimited:
        :coredumpsize=unlimited:
        :openfiles=unlimited:
        :maxproc=unlimited:
        :sbsize=unlimited:
        :vmemoryuse=unlimited:
        :swapuse=unlimited:
        :pseudoterminals=unlimited:
        :kqueues=unlimited:
        :umtxp=unlimited:
        :priority=0:
        :ignoretime@:
        :umask=022:
        :label=mls/equal:

The line :label=mls/equal allows users who are members of this class to access files marked with any label (mls/low, mls/high). After these changes, rebuild the database and put the root user (and any others who need it) into this login class:

cap_mkdb /etc/login.conf
pw usermod root -L default

So that the policy applies only to files, edit /etc/mac.conf, leaving just one line in it:

default_labels file ?mls

Add the mac_mls.ko module to autoload:

echo 'mac_mls_load="YES"' >> /boot/loader.conf

After that you can safely reboot the system. How to create a jail is covered in one of my articles. Before creating the jail, though, add a hard disk, create a file system on it and enable multilabel on it. Create a UFS2 file system with a cluster size of 64kb:

newfs -O 2 -b 64kb /dev/ada1
tunefs -l enable /dev/ada1

After creating the file system and enabling multilabel, add the hard disk to /etc/fstab by adding this line to the file:

/dev/ada1               /jail  ufs     rw              0       1

For Mountpoint, specify the directory where the hard disk will be mounted; for Pass, be sure to specify 1 (the order in which this disk will be checked). This is important because the UFS file system is sensitive to sudden power loss. After these steps, mount the disk:

mount /dev/ada1 /jail

Install the jail in this directory. Once the jail is running, do the same in it as on the host system for the users and for the files /etc/login.conf and /etc/mac.conf.

Configuration

Before setting the required labels, I recommend installing all the required packages; in my case the labels will be set with these packages in mind:

mod_php73-7.3.4_1              PHP Scripting Language
php73-7.3.4_1                  PHP Scripting Language
php73-ctype-7.3.4_1            The ctype shared extension for php
php73-curl-7.3.4_1             The curl shared extension for php
php73-dom-7.3.4_1              The dom shared extension for php
php73-extensions-1.0           "meta-port" to install PHP extensions
php73-filter-7.3.4_1           The filter shared extension for php
php73-gd-7.3.4_1               The gd shared extension for php
php73-gettext-7.3.4_1          The gettext shared extension for php
php73-hash-7.3.4_1             The hash shared extension for php
php73-iconv-7.3.4_1            The iconv shared extension for php
php73-json-7.3.4_1             The json shared extension for php
php73-mysqli-7.3.4_1           The mysqli shared extension for php
php73-opcache-7.3.4_1          The opcache shared extension for php
php73-openssl-7.3.4_1          The openssl shared extension for php
php73-pdo-7.3.4_1              The pdo shared extension for php
php73-pdo_sqlite-7.3.4_1       The pdo_sqlite shared extension for php
php73-phar-7.3.4_1             The phar shared extension for php
php73-posix-7.3.4_1            The posix shared extension for php
php73-session-7.3.4_1          The session shared extension for php
php73-simplexml-7.3.4_1        The simplexml shared extension for php
php73-sqlite3-7.3.4_1          The sqlite3 shared extension for php
php73-tokenizer-7.3.4_1        The tokenizer shared extension for php
php73-xml-7.3.4_1              The xml shared extension for php
php73-xmlreader-7.3.4_1        The xmlreader shared extension for php
php73-xmlrpc-7.3.4_1           The xmlrpc shared extension for php
php73-xmlwriter-7.3.4_1        The xmlwriter shared extension for php
php73-xsl-7.3.4_1              The xsl shared extension for php
php73-zip-7.3.4_1              The zip shared extension for php
php73-zlib-7.3.4_1             The zlib shared extension for php
apache24-2.4.39 

In this example the labels are set taking the dependencies of these packages into account. Of course, you could do it more simply: set the mls/low label on the /usr/local/lib directory and the files in it, and packages installed later (for example, additional PHP extensions) would be able to access the libraries in that directory. It seems better to me, however, to grant access only to the files that are actually needed. Stop the jail and set the mls/high label on all files:

setfmac -R mls/high /jail

While the labels are being set, the process stops if setfmac encounters a hard link; in my case I deleted the hard links in the following directories:

/var/db/etcupdate/current/
/var/db/etcupdate/current/etc
/var/db/etcupdate/current/usr/share/openssl/man/en.ISO8859-15
/var/db/etcupdate/current/usr/share/man/en.ISO8859-15
/var/db/etcupdate/current/usr/share/man/en.UTF-8
/var/db/etcupdate/current/usr/share/nls
/etc/ssl
/usr/local/etc
/usr/local/etc/fonts/conf.d
/usr/local/openssl

Once the labels are set, you need to set the mls/low label for Apache. The first thing to do is find out which files are needed to start Apache:

ldd /usr/local/sbin/httpd

After this command runs, the dependencies are shown on screen, but setting the required labels on those files is not enough: the directories that contain them carry the mls/high label, so those directories must also be labelled mls/low. At startup Apache will also report the files it needs in order to run, and for PHP these dependencies can be found in the httpd-error.log log.

setfmac mls/low /
setfmac mls/low /usr/local/lib/libpcre.so.1
setfmac mls/low /usr/local/lib/libaprutil-1.so.0
setfmac mls/low /usr/local/lib/libdb-5.3.so.0
setfmac mls/low /usr/local/lib/libgdbm.so.6
setfmac mls/low /usr/local/lib/libexpat.so.1
setfmac mls/low /usr/local/lib/libapr-1.so.0
setfmac mls/low /lib/libcrypt.so.5
setfmac mls/low /lib/libthr.so.3
setfmac mls/low /lib/libc.so.7
setfmac mls/low /usr/local/lib/libintl.so.8
setfmac mls/low /var
setfmac mls/low /var/run
setfmac mls/low /var/log
setfmac mls/low /var/log/httpd-access.log
setfmac mls/low /var/log/httpd-error.log
setfmac mls/low /var/run/httpd.pid
setfmac mls/low /lib
setfmac mls/low /lib/libcrypt.so.5
setfmac mls/low /usr/local/lib/db5/libdb-5.3.so.0
setfmac mls/low /usr/local/lib/db5/libdb-5.3.so.0.0.0
setfmac mls/low /usr/local/lib/db5
setfmac mls/low /usr/local/lib
setfmac mls/low /libexec
setfmac mls/low /libexec/ld-elf.so.1
setfmac  mls/low /dev
setfmac  mls/low /dev/random
setfmac  mls/low /usr/local/libexec
setfmac  mls/low /usr/local/libexec/apache24
setfmac  mls/low /usr/local/libexec/apache24/*
setfmac  mls/low /etc/pwd.db
setfmac  mls/low /etc/passwd
setfmac  mls/low /etc/group
setfmac  mls/low /etc/
setfmac  mls/low /usr/local/etc
setfmac -R mls/low /usr/local/etc/apache24
setfmac mls/low /usr
setfmac mls/low /usr/local
setfmac mls/low /usr/local/sbin
setfmac mls/low /usr/local/sbin/*
setfmac -R mls/low /usr/local/etc/rc.d/
setfmac mls/low /usr/local/sbin/htcacheclean
setfmac mls/low /var/log/httpd-access.log
setfmac mls/low /var/log/httpd-error.log
setfmac -R mls/low /usr/local/www
setfmac mls/low /usr/lib
setfmac mls/low /tmp
setfmac -R mls/low /usr/local/lib/php
setfmac -R mls/low /usr/local/etc/php
setfmac mls/low /usr/local/etc/php.conf
setfmac mls/low /lib/libelf.so.2
setfmac mls/low /lib/libm.so.5
setfmac mls/low /usr/local/lib/libxml2.so.2
setfmac mls/low /lib/libz.so.6
setfmac mls/low /usr/lib/liblzma.so.5
setfmac mls/low /usr/local/lib/libiconv.so.2
setfmac mls/low /usr/lib/librt.so.1
setfmac mls/low /lib/libthr.so.3
setfmac mls/low /usr/local/lib/libpng16.so.16
setfmac mls/low /usr/lib/libbz2.so.4
setfmac mls/low /usr/local/lib/libargon2.so.0
setfmac mls/low /usr/local/lib/libpcre2-8.so.0
setfmac mls/low /usr/local/lib/libsqlite3.so.0
setfmac mls/low /usr/local/lib/libgd.so.6
setfmac mls/low /usr/local/lib/libjpeg.so.8
setfmac mls/low /usr/local/lib/libfreetype.so
setfmac mls/low /usr/local/lib/libfontconfig.so.1
setfmac mls/low /usr/local/lib/libtiff.so.5
setfmac mls/low /usr/local/lib/libwebp.so.7
setfmac mls/low /usr/local/lib/libjbig.so.2
setfmac mls/low /usr/lib/libssl.so.8
setfmac mls/low /lib/libcrypto.so.8
setfmac mls/low /usr/local/lib/libzip.so.5
setfmac mls/low /etc/resolv.conf

This list contains the mls/low labels for all files needed for the Apache and PHP combination to work correctly (for the packages installed in my example).
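The ldd step above, as an added example that is not part of the original article: a POSIX sh helper that turns ldd output into a de-duplicated list of setfmac commands covering each library and every directory above it. The function names, the sample ldd output and the optional jail-root argument are assumptions made for illustration; the script only prints the commands.

```shell
#!/bin/sh
# Added example: build the mls/low labelling plan from ldd output, so that a
# library is never labelled while one of its parent directories stays mls/high.

# Constructed sample in the format printed by ldd; on the real system, pipe
# `ldd /usr/local/sbin/httpd` into plan_labels instead.
sample_ldd() {
cat <<'EOF'
/usr/local/sbin/httpd:
    libpcre.so.1 => /usr/local/lib/libpcre.so.1 (0x800a4c000)
    libapr-1.so.0 => /usr/local/lib/libapr-1.so.0 (0x800c00000)
    libcrypt.so.5 => /lib/libcrypt.so.5 (0x800e3a000)
    libc.so.7 => /lib/libc.so.7 (0x801055000)
EOF
}

# Print the resolved path of every library (the field after "=>").
lib_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3 }'
}

# Print a path followed by each of its parent directories, ending with /.
with_parents() {
    p=$1
    while [ -n "$p" ] && [ "$p" != "/" ]; do
        printf '%s\n' "$p"
        p=${p%/*}
    done
    printf '/\n'
}

# Read ldd output on stdin and write one setfmac command per unique path.
# $1 is an optional prefix (hypothetical, e.g. /jail) for labelling from the host.
plan_labels() {
    root=${1:-}
    lib_paths | while IFS= read -r lib; do
        with_parents "$lib"
    done | LC_ALL=C sort -u | while IFS= read -r path; do
        printf 'setfmac mls/low %s%s\n' "$root" "$path"
    done
}

# Print the plan for the sample; review it before running any of the commands.
sample_ldd | plan_labels
```

ldd reports only link-time dependencies, so the files Apache and PHP open at run time still have to be added from httpd-error.log, as described above.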

The final touch is to configure the jail to run at the mls/equal level and Apache at the mls/low level. To start the jail, make a change in the /etc/rc.d/jail script: find the jail_start function in this script and change the command variable to the form:

command="setpmac mls/equal $jail_program"

The setpmac command runs an executable at the required label, in this case mls/equal, so that it has access to all labels. For Apache, edit the startup script /usr/local/etc/rc.d/apache24. Change the apache24_prestart function:

apache24_prestart() {
        apache24_checkfib
        apache24_precmd
        eval "setpmac mls/low" ${command} ${apache24_flags}
}

The official handbook gives a different example, but I was unable to use it because I kept getting a message that the setpmac command could not be used.

Conclusion

This way of distributing access adds an extra layer of security to Apache (although the method suits any other stack), which in addition runs in a jail; at the same time, for the administrator all of this happens transparently and unnoticed.

List of sources that helped me write this article:

https://www.freebsd.org/doc/ru_RU.KOI8-R/books/handbook/mac.html

Source: www.habr.com
