wiki:experiences:igraltist:jail_ntpd

--- ntpd_org	2008-07-14 02:29:40.000000000 +0200
+++ ntpd	2008-07-05 01:52:18.000000000 +0200
@@ -22,7 +22,7 @@
 	checkconfig || return $?
 
 	ebegin "Starting ntpd"
-	start-stop-daemon --start --exec /usr/sbin/ntpd \
+	run-jail ntpd start-stop-daemon --start --exec /usr/sbin/ntpd \
 	    --pidfile /var/run/ntpd.pid \
 	    -- -p /var/run/ntpd.pid ${NTPD_OPTS}
 	eend $? "Failed to start ntpd"
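Review bot: the changed line in start() now depends on run-jail being installed and on a jail definition named ntpd being available, but nothing visible in this hunk checks either, so a missing wrapper or definition only surfaces as "Failed to start ntpd". Consider testing for both in checkconfig, which already runs before ebegin, so the failure is reported with its real cause. Note also that run-jail wraps start-stop-daemon rather than /usr/sbin/ntpd directly, so the jail has to permit what start-stop-daemon itself does; a one-line comment in the script saying so would help the next maintainer.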
;
; RSBAC JAIL definition for ntpd
;
; Installed versions:  4.2.6_p3(13:14:40 06.05.2011)(caps ssl -debug -ipv6 -openntpd -parse-clocks -selinux -snmp -vim-syntax -zeroconf)
;
; 20060920 20111301
;
; tested by: Jens Kasten (igraltist)
;
; tested on: Gentoo (hardened)
;
 
""
"0.0.0.0"
(allow-external-ipc
 allow-dev-write
 allow-netlink
 allow-inet-raw)
()
()
(time-strucs
 capability)

Deprecated:

;
; RSBAC JAIL definition for ntp-server
; 20060920
;
 
""
"0.0.0.0"
(allow-external-ipc
 allow-all-net-family
 allow-dev-read
 allow-dev-write)
(sys-time
 net-bind-service
 ipc-lock
 dac-override
 setgid
 setuid
 sys-resource)
()
(capability
 clock
 time-strucs
 mlock
 rlimit)
This is what is executed now:
rsbac_jail  -i -n -d -D -C  SYS_TIME NET_BIND_SERVICE IPC_LOCK DAC_OVERRIDE SETGID SETUID SYS_RESOURCE -M  capability clock time_strucs mlock rlimit start-stop-daemon  --start --exec /usr/sbin/ntpd --pidfile /var/run/ntpd.pid -- -p /var/run/ntpd.pid -u ntp:ntp   
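
As an added example (not part of the original wiki page or of RSBAC's tools), this Python script parses the two jail definitions above and reports which entries the current definition no longer lists and which it adds. The field labels are assumptions of this example: the second and fourth lists are named after the -C and -M arguments in the command shown above, and the third list is left unnamed.

```python
import re

# Both definitions copied from this page (comment lines omitted, whitespace condensed).
CURRENT = '''
""
"0.0.0.0"
(allow-external-ipc allow-dev-write allow-netlink allow-inet-raw)
()
()
(time-strucs capability)
'''
DEPRECATED = '''
""
"0.0.0.0"
(allow-external-ipc allow-all-net-family allow-dev-read allow-dev-write)
(sys-time net-bind-service ipc-lock dac-override setgid setuid sys-resource)
()
(capability clock time-strucs mlock rlimit)
'''

# Field names are this example's labels, not RSBAC terminology.
FIELDS = ("flags", "list2_caps", "list3", "list4_scd")

def parse_jail(text):
    """Return (quoted strings, {field: set of entries}) for one definition."""
    # Drop ';' comment lines first: they may contain parentheses of their own.
    body = "\n".join(line for line in text.splitlines()
                     if not line.lstrip().startswith(";"))
    strings = re.findall(r'"([^"]*)"', body)
    lists = re.findall(r"\(([^()]*)\)", body)
    if len(strings) != 2 or len(lists) != len(FIELDS):
        raise ValueError("expected 2 quoted strings and 4 parenthesised lists")
    return strings, {f: set(entries.split()) for f, entries in zip(FIELDS, lists)}

def diff_jails(old, new):
    """Per field: entries only in the old definition and only in the new one."""
    (_, o), (_, n) = parse_jail(old), parse_jail(new)
    return {f: {"removed": sorted(o[f] - n[f]), "added": sorted(n[f] - o[f])}
            for f in FIELDS}

if __name__ == "__main__":
    for field, change in diff_jails(DEPRECATED, CURRENT).items():
        print(f"{field}: removed={change['removed']} added={change['added']}")
```

Whether an empty list means that nothing is granted or that no limit is applied is not stated on this page, so check the "removed" entries for the second list against run-jail's own documentation before treating them as dropped privileges.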
wiki/experiences/igraltist/jail_ntpd.txt · Last modified: 2011/06/30 04:28 by 127.0.0.1
